[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009

Anand Balachandran Pillai abpillai at gmail.com
Thu Oct 8 06:48:20 CEST 2009


On Thu, Oct 8, 2009 at 5:01 AM, Kenneth Gonsalves <lawgon at au-kbc.org> wrote:

> On Wednesday 07 Oct 2009 3:38:25 pm Noufal Ibrahim wrote:
> > On Wed, Oct 7, 2009 at 3:16 PM, Kenneth Gonsalves <lawgon at au-kbc.org>
> > wrote: [..]
> >
> > > django, plone has about one issue every two years - usually minor and
> not
> > > affecting anything critical. There is something radically wrong in a
> > > software that gets one core critical issue a month (even then drupal is
> > > better than wordpress that churns out such things 2 or 3 times a
> > > month).[..]
> >
> > One thing to consider is that the number of deployed installations of
> > PHP based CMSs like Drupal and Wordpress is much MUCH higher than the
> > Python based ones like Plone. That alone will skew the numbers quite a
> > bit.
> >
> > There are cases of course where the software itself was not designed
> > with security in mind perhaps for an earlier era (eg. Sendmail) where
> > the number of exploits is quite high but I don't think Drupal falls
> > into this category.
> >
> > Your comment however begs the question - do you feel that one of the
> > reasons why Drupal is 'insecure' because it's coded in PHP.
>

  Yes. Take a look at the cyber security bulletin from U.S home land
security
  for Jan 09 as an example.

 http://www.us-cert.gov/cas/bulletins/SB09-033.html

 I did a quick n dirty count using browser find in Firefox, and counted
about 12
 vulnerabilities related to Python in total. For PHP, I counted 25 and
stopped
 counting.

 Of course, there is always the argument that Python is much less used on
the
 web as opposed to PHP, which is the reason for this. You can find an
argument
 in the lines of that here,


http://fourkitchens.com/blog/2009/04/03/vulnerability-reports-are-not-indications-weakness

 He quotes Linus out of context, which is "Given enough eyeballs, all bugs
are shallow"
 which however does not imply , "Not given enough eyeballs, shallow bugs are
actually
  deep pits waiting to be exploited". This is at best a strawman argument.



>
> --
> regards
> Kenneth Gonsalves
> Senior Project Officer
> NRC-FOSS
> http://nrcfosshelpline.in/web/
> _______________________________________________
> BangPypers mailing list
> BangPypers at python.org
> http://mail.python.org/mailman/listinfo/bangpypers
>



-- 
--Anand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/bangpypers/attachments/20091008/a67ce4fd/attachment.htm>


More information about the BangPypers mailing list