[Owncloud] [Alpha] mod_security rules for ownCloud 5.0

Appeldorn, Michael Michael.Appeldorn at tui.com
Tue May 7 23:32:10 UTC 2013


F

Q





Am 08.05.2013 um 00:08 schrieb "Bernhard Posselt" <nukeawhale at gmail.com>:

> On 05/07/2013 11:21 PM, Sebastian Kügler wrote:
>> Hi ownClouders,
>> 
>> On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote:
>>> I just released a custom mod_security ruleset for ownCloud 5.0. - I've
>>> rewritten the whole set yesterday which means that it most probably still
>>> has some bugs inside ;-)
>> Let me state the obvious here: You _released_ a security critical feature
>> which has not been thoroughly tested (or even reviewed critically?) and is
>> less than 24 hours old.
>> 
>> Looking at the amount of CVE numbers in ownCloud's changelogs and this email,
>> this suggests a fundamental process problem.
>> 
>> Having seen ownCloud being ridiculed for its amount of regressions and
>> security problems more than once in the past two weeks alone makes me sad. I
>> think the software and its underlying ideas has great potentials, but the
>> problems it's currently fighting will simply not go away if this way of
>> putting code out into the open is the norm.
>> 
>> Cheers,
> I think you misunderstand the mod_security stuff. Its a basically some kind of firewall and an addtional layer of security. Basically it has nothing to do with the current owncloud code.
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud



More information about the Owncloud mailing list