Web Application Security (was Re: universe demotion: Moodle)

Stephan Hermann sh at sourcecode.de
Tue Jan 26 18:30:50 GMT 2010


what I see here is a problem in general about web applications and
non-rolling releases like Debian or Ubuntu.

Web Applications nowadays do have many security constrains, and
therefore do need more "love" then e.g. gnome or kde.

Is there any afford (despite this mail) to establish a working group to
provide a more stable and secure platform of "Ubuntu" for
Web Applications?

Just read this mail as a start for a discussion to make Ubuntu OS as
the No. 1 Platform for Wordpress or Drupal or Typo3 :)

I would like to start up such a team or group :)



On Tue, 26 Jan 2010 19:47:03 +0200
"Jonathan Carter (highvoltage)" <jonathan at ubuntu.com> wrote:

> Hi Kees
> On Tue, Jan 26, 2010 at 7:28 PM, Kees Cook <kees at ubuntu.com> wrote:
> > I would like to propose demoting Moodle to universe.  It has no
> > active stable (or devel[1]) maintainer in Ubuntu, and the level of
> > effort required to maintain security support on this PHP
> > application is very high.  I do not want to see it in a second LTS
> > release.
> >
> > http://people.canonical.com/~ubuntu-security/cve/pkg/moodle.html
> I believe it's only in main because Edubuntu shipped it before as part
> of the edubuntu-server task. Canonical planned to provide support for
> it at one stage, but besides that I don't think there's any reason for
> it to be in main and it seems like something that really should be in
> universe.
> -Jonathan

| Stephan '\sh' Hermann    | OSS Dev / SysAdmin         |
| JID: sh at linux-server.org | http://www.sourcecode.de/  | 
| GPG ID: 0xC098EFA8	   | http://leonov.tv/          |
| FP: 3D8B 5138 0852 DA7A B83F DCCB C189 E733 C098 EFA8 |

More information about the ubuntu-devel mailing list