Chris Withers wrote:
The acrimonious nature of your document means many people are unlikely to take it seriously and hardly anyone who _can_ fix the problems you half-heartedly describe will want to put up with the verbal battering required to do so...
We've been over this privately, now let it be shown on the public record that I am aware of your opinion, but that the venue you express it in makes no difference.

Robert Segall wrote:
Jamie's fixes are useful and should be considered by anybody who is really interested in these matters. Whether they are really vital is another question: some of the issues are not important in certain scenarios (small development team on single project may not care about privilege escalation via ZMI, problems with the CGI are of no importance unless you use that mechanism), others can be dealt with by other mechanisms (proxy filtering).
Yup, the only people who can answer the question of importance are the people using the software, because they're the only ones who know the behavior they require. The advantage of the community is we can share our knowledge of these problems, and the advantage of open source is that we can address the origin of the problems directly and at our leisure.
Yet some others are truly horrible and affect everybody (the idea of allowing XML-RPC on the HTTP port is about as bad as anything I have ever seen).
...and there ya go, a perfect example; I didn't find that issue threatening. I removed XML-RPC from my personal tree just because I didn't need it.

-- 
Jamie Heilman http://audible.transient.net/~jamie/
"...that's the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer