Contribute  :  Support  :  Downloads  :  Forum  :  Links  :  Polls  :  Calendar  :  Directory  :  Advanced Search  
Geeklog The Ultimate Weblog System

advanced search 

Resources

Getting started
Support
Development

Sections

Home
Geeklog (190)
Geeklog 2 (28)
Announcements (201)
Summer of Code (8)
Security (55)
Plugins (50)
Server (26)
Spam (10)

User Functions

:

:

Don't have an account yet? Sign up as a New User
Lost your password?

What's New

STORIES

No new stories

COMMENTS last 2 days

No new comments

TRACKBACKS last 2 days

No new trackback comments

NEW FILES last 14 days


LINKS last 2 weeks

No recent new links

Older Stories

Monday 17-Mar


Tuesday 08-Jan


Saturday 29-Dec


Tuesday 04-Dec


Sunday 04-Nov
Welcome to Geeklog
Friday, May 16 2008 @ 02:30 AM EDT
   

Geeklog Security

Wednesday, October 29 2003 @ 04:29 PM EST
Contributed by: Tony
Views: 5,796
SecurityThe Geeklog Development Team has created a new page devoted to security issues related to our product. This new page is our attempt to show all of you in the community the importance we put on security, to discuss how we handle security issues and to give you a single place to get a feel for how secure Geeklog really is. If there is something that you all feel is missing or more detail you would like please provide us with some suggestions.
 

What's Related

Story Options

Geeklog Security | 5 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
Geeklog Security
Authored by: Anonymous on Wednesday, October 29 2003 @ 06:08 PM EST
Good idea - nice to show that the development team is taking security
seriously. But I think that anyone who has been watching this site for the
last couple of years, or even a couple of weeks, will realise that this is
one of the best supported
products out there.

Keep up the good work!
Geeklog Security
Authored by: jhk on Saturday, November 01 2003 @ 11:21 AM EST
A good way of showing that the developers take security seriously. How many CMS's have a page dedicated to security?

Speaking of security updates: Do you have any idea how long you intend to continue supporting 1.3.7 with sr-fixes? I realise that supporting more than one release becomes harder as the releases diverge in functionality and code, but I'm sure that a lot of people are still running the old version.

/Jens
Geeklog Security
Authored by: Tony on Monday, November 03 2003 @ 03:23 PM EST
Typically we only support the current release. So, if a new security bug was found in 1.3.8-1sr1 then we would call it 1.3.8-1sr2 and stop supporting 1.3.8-1sr1. However, at our descretion we will patch old systems when a) we feel there are enough users of the old version to warrant it and b) the fix is easy to make.

So, the general rule of thumb still applies...stay current.

---
The reason people blame things on previous generations is that there's only one other choice.
Geeklog Security
Authored by: Anonymous on Sunday, November 02 2003 @ 09:16 AM EST
The Security page is a good idea. One small suggestion:

You should add info telling GL users how they can be notified about security related updates and other security issues they need to know about. The Geeklog-Announce mailing list covers new releases. Would it be used to inform users of security issues they need to know about, even if there is not yet a new release?
Geeklog Security
Authored by: Tony on Monday, November 03 2003 @ 03:37 PM EST
Good point. I have added a section to the new security page that makes this point.

---
The reason people blame things on previous generations is that there's only one other choice.
© 2002-2008 Geeklog
Created this page in 2.32 seconds		 Powered By Geeklog 1.4.1 
Hosted by pair.com