[Owncloud] [Alpha] mod_security rules for ownCloud 5.0

Michael Grosser owncloud at seetheprogress.net
Wed May 8 08:27:55 UTC 2013


Just to add. He asked for testing and released it for testing within
an alpha state. Additionally pushes into a repo doesn't say anything
about the age per se.
...

On Wed, May 8, 2013 at 1:32 AM, Appeldorn, Michael
<Michael.Appeldorn at tui.com> wrote:
> F
>
> Q
>
>
>
>
>
> Am 08.05.2013 um 00:08 schrieb "Bernhard Posselt" <nukeawhale at gmail.com>:
>
>> On 05/07/2013 11:21 PM, Sebastian Kügler wrote:
>>> Hi ownClouders,
>>>
>>> On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote:
>>>> I just released a custom mod_security ruleset for ownCloud 5.0. - I've
>>>> rewritten the whole set yesterday which means that it most probably still
>>>> has some bugs inside ;-)
>>> Let me state the obvious here: You _released_ a security critical feature
>>> which has not been thoroughly tested (or even reviewed critically?) and is
>>> less than 24 hours old.
>>>
>>> Looking at the amount of CVE numbers in ownCloud's changelogs and this email,
>>> this suggests a fundamental process problem.
>>>
>>> Having seen ownCloud being ridiculed for its amount of regressions and
>>> security problems more than once in the past two weeks alone makes me sad. I
>>> think the software and its underlying ideas has great potentials, but the
>>> problems it's currently fighting will simply not go away if this way of
>>> putting code out into the open is the norm.
>>>
>>> Cheers,
>> I think you misunderstand the mod_security stuff. Its a basically some kind of firewall and an addtional layer of security. Basically it has nothing to do with the current owncloud code.
>> _______________________________________________
>> Owncloud mailing list
>> Owncloud at kde.org
>> https://mail.kde.org/mailman/listinfo/owncloud
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud



More information about the Owncloud mailing list