[Owncloud] [Alpha] mod_security rules for ownCloud 5.0
Sebastian Kügler
sebas at kde.org
Tue May 7 21:21:38 UTC 2013
Hi ownClouders,
On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote:
> I just released a custom mod_security ruleset for ownCloud 5.0. - I've
> rewritten the whole set yesterday which means that it most probably still
> has some bugs inside ;-)
Let me state the obvious here: You _released_ a security critical feature
which has not been thoroughly tested (or even reviewed critically?) and is
less than 24 hours old.
Looking at the amount of CVE numbers in ownCloud's changelogs and this email,
this suggests a fundamental process problem.
Having seen ownCloud being ridiculed for its amount of regressions and
security problems more than once in the past two weeks alone makes me sad. I
think the software and its underlying ideas has great potentials, but the
problems it's currently fighting will simply not go away if this way of
putting code out into the open is the norm.
Cheers,
--
sebas
http://www.kde.org | http://vizZzion.org | GPG Key ID: 9119 0EF9
More information about the Owncloud
mailing list