[TYPO3-typo3org] extensions dissapearing from TER2
Peter Klein
peter at umloud.dk
Mon Sep 11 14:23:16 CEST 2006
"Michael Scharkow" <michael at underused.org> skrev i en meddelelse
news:mailman.1.1157974824.17676.typo3-team-typo3org at lists.netfielders.de...
> Peter Klein wrote:
>> Hi Michael. Is there a list of extensions that has been removed for
>> security reasons?
>
> Yes, um, especially for script kiddies, right ;) I'd rather add an
> appropriate check to the EM for 4.1
>
So how would normal TYPO3 developers/users know if an extension has been
removed for security reasons then?
I have looked at the security bulletins at
http://typo3.org/teams/security/security-bulletins/
But can't find reference to any of the 2 extensions I mentioned.
>> BTW: If an extension is removed for security reasons, then why keep
>> extensions that depends on that extension, online?
>> They don't have any use without the main extension..
>
> Chances are that extensions are fixed, and removing/re-adding all related
> extensions is a major pain, especially since dependencies are not really
> well-tested.
Why not keep the unsecure extension online too, but with a note saying that
it has security problems.
That way people will instantly know that this extension should be avoided.
Specially if not all is listed on
http://typo3.org/teams/security/security-bulletins/
--
Peter Klein
More information about the TYPO3-team-typo3org
mailing list