Martin Sourada wrote:
We also need to decide if we want to run the software in Fedora Infrastructure.Thanks for the info. Looks like the gallery2 would satisfy our needs pretty good. The only two issues I noticed is the missing integration with FAS (which might be already in progress, as noted by Ricky), and easy way to handle images sources (which is not a show-stopper for us, though it would be nice if we could implement that nicely as well). I guess we could set-up a test gallery2 implementation on one of our fedorapeople accounts and if it works well, ask for transferring it to art.fedoraproject.org here?
Searching for CVEs was somewhat hard since gallery is a common name for photo gallery software. I found 5 CVE's against Menalto Gallery this year and 9 last year. There are other CVE's that weren't picked up in my search as they did not identify gallery as "menalto" (I googled and found references...) I'm not sure how this compares to other gallery software but it is less than phpnuke, drupal, and other things that I have been against.
We do not yet have SELinux turned on on our app servers (although lmacken and dwalsh have gotten us much closer recently). I am pretty sure we do have mod_security deployed. Do we feel comfortable with this? What are the alternatives that fit the criteria and are they worse?
Description: OpenPGP digital signature