CMS Option: Zikula

David Nelson operator at zikula.tv
Sun Jan 25 20:17:02 UTC 2009 

Hello,

If it's of any interest to you, there's a history and timeline about
the Zikula project
at http://zikula.tv/zikula-postnuke-history.html

The timeline tracks all the security advisories since the project's
beginning, and
would let you gauge our attitude to security, etc. Plus there's lots
of other info
there too (although it's a work in progress...)

If I were to venture why Zikula would be so good for Fedora Docs, I'd suggest:

1) The people in the project all believe fervently in Zikula as a
product. We love
it for its power and flexibility. We love it because you can do
anything with it.

2) Our devs have the imagination and the skill to help you not only fulfill
your presently-known needs, but also to help you examine and explore new
possibilities for the future. Our platform is sufficiently powerful,
well-designed
and flexible to provide your future platform without having to change to another
product.

3) Every member of our team would *love* to have you as our client. We
would all be strongly involved in making sure that you achieve what you want.

Hope this helps, and hope very much we'll be working with you in the future,

-- 
David Nelson
Web: http://zikula.tv

> One of the things I didn't know until I did some browsing around their
> website is that Zikula started off as PostNuke but that they changed the
> name in June.  So they are a long term player in the CMS market.
>
>> None of this has any bearing on the quality of Zikula, which I'm sure
>> is excellent.
>>
> I was impressed by a few of the things I've learned since this morning
> :-)  The answers to how Proactive the security is was a nice change from
> the usual thoughts I've seen::
>   https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20
>
> Here's my naive search of cve.mitre.org for issues reported in 2008.
> Note that some people would say to exclude plugins from this but my view
> is that we're going to be running plugins as part of our deployment and
> we'll want to know if we can expand our capabilities by pulling in
> functionality via plugins without compromising security.  So knowing
> this does a little towards understanding whether the Core provides an
> API for writing secure plugins and the plugin community is security
> minded as well as Core developers.  And like I say, this is naive :-)
>
> 91 Joomla -- Lots of plugins a few in core
> 79 Drupal -- Lots of plugins a few in core
> 60 Wordpress -- Lots of plugins, a few in core
> 53 Mambo --Lots of plugins, at least one in core
> 4 zikula + postnuke -- 1 in Core, 3 in plugins
> 1 midgard
> 0 zikula
> 0 enano
>
> For reference, mediawiki, which we think has an acceptable
> security-to-benefit ratio, had 8 vulnerabilities reported in 2008 using
> the same naive count.
>
> -Toshio

More information about the fedora-docs-list mailing list