[TYPO3-ect] Ideas to clean up TER
Helmut Hummel
helmut.hummel at typo3.org
Mon Jan 30 09:03:27 CET 2012
Hi,
On 29.01.12 08:35, Michael wrote:
> As described above... I do not have a problem if the EM would not list
> "unmaintained" extensions and would not allow to download them from TER.
> But I would suggest to keep/archive the code in the TER (still accessible).
I just want to clarifiy that "unmaintained" extensions sould also mean
unmaintained by the Security Team. Because of that, these extensions
must be excluded from the EM with *no* option to include them.
Same goes for the TER website.
Nevertheless I'm fine, if they stay accessible for download by using a
direct link (which you have to know to forge). This is how it is
currently is the case when we mark an extensions insecure. You can still
download the extension but in any case cannot do so "by accident".
Additionally you get a warning in EM (or other tools).
A similar concept (but not the same) should be used for unmaintained
extensions.
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-team-extension-coordination
mailing list