[TYPO3-typo3org] extensions dissapearing from TER2
Peter Klein
peter at umloud.dk
Mon Sep 11 16:22:07 CEST 2006
Here's one more that is no longer at TER.
sp_directory
And as with the other 2 extensions, it's not mentioned at
http://typo3.org/teams/security/security-bulletins/ (or anywhere else at
TYPO3.ORG)
So are you really sure that they have been removed for security reasons?,
and it's not a bug at TER?
--
Peter Klein/Umloud Untd
"Peter Klein" <peter at umloud.dk> skrev i en meddelelse
news:mailman.1.1157977368.23434.typo3-team-typo3org at lists.netfielders.de...
> "Michael Scharkow" <michael at underused.org> skrev i en meddelelse
> news:mailman.1.1157974824.17676.typo3-team-typo3org at lists.netfielders.de...
>> Peter Klein wrote:
>>> Hi Michael. Is there a list of extensions that has been removed for
>>> security reasons?
>>
>> Yes, um, especially for script kiddies, right ;) I'd rather add an
>> appropriate check to the EM for 4.1
>>
>
> So how would normal TYPO3 developers/users know if an extension has been
> removed for security reasons then?
> I have looked at the security bulletins at
> http://typo3.org/teams/security/security-bulletins/
> But can't find reference to any of the 2 extensions I mentioned.
>
>>> BTW: If an extension is removed for security reasons, then why keep
>>> extensions that depends on that extension, online?
>>> They don't have any use without the main extension..
>>
>> Chances are that extensions are fixed, and removing/re-adding all related
>> extensions is a major pain, especially since dependencies are not really
>> well-tested.
>
> Why not keep the unsecure extension online too, but with a note saying
> that it has security problems.
> That way people will instantly know that this extension should be avoided.
> Specially if not all is listed on
> http://typo3.org/teams/security/security-bulletins/
>
> --
> Peter Klein
>
>
More information about the TYPO3-team-typo3org
mailing list