[Bug 191968] Review Request: phpBB - A php Bulletin Board

bugzilla at redhat.com bugzilla at redhat.com
Tue May 16 18:14:35 UTC 2006 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: phpBB - A php Bulletin Board


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191968


peter at thecodergeek.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |peter at thecodergeek.com




------- Additional Comments From peter at thecodergeek.com  2006-05-16 14:14 EST -------
Mike,

I think that the main reason people do not like phpBB is its security track
record (well, the lack thereof at least...)

However, there is a point in which the packager simply must trust that upstream
is doing their job to keep things updated and patched. Generally, the phpBB
people are good about quickly putting out security fixes for their software; and
I think having multiple maintainers for such a package would make it so that we
could keep the software in Extras patched and updated very quickly after such a
fix is put out from upstream. In this way, users would not need to worry about
their server's security due to this application. 

If the community wants phpBB to be put into Extras, would having a couple (or
more) comaintainers to keep it updated and fixed ease their worries a bit? If
this is the case, I would be happy to help Mike (and others?) maintain phpBB in
Extras. (I submitted bug #188410.) 

However, I think it would be best if the code went through at least a brief
security audit before being putting in Extras. There is a point where upstream
simply needs to be trusted; but with phpBB's upstream, I do not think it wise to
have that trust quite so blindly. Would this be feasible?

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list