[BangPypers] [ANN][X-Post] SciPy India conference in Dec. 2009
Anand Balachandran Pillai
abpillai at gmail.com
Thu Oct 8 06:48:20 CEST 2009
On Thu, Oct 8, 2009 at 5:01 AM, Kenneth Gonsalves <lawgon at au-kbc.org> wrote:
> On Wednesday 07 Oct 2009 3:38:25 pm Noufal Ibrahim wrote:
> > On Wed, Oct 7, 2009 at 3:16 PM, Kenneth Gonsalves <lawgon at au-kbc.org>
> > wrote: [..]
> > > django, plone has about one issue every two years - usually minor and
> > > affecting anything critical. There is something radically wrong in a
> > > software that gets one core critical issue a month (even then drupal is
> > > better than wordpress that churns out such things 2 or 3 times a
> > > month).[..]
> > One thing to consider is that the number of deployed installations of
> > PHP based CMSs like Drupal and Wordpress is much MUCH higher than the
> > Python based ones like Plone. That alone will skew the numbers quite a
> > bit.
> > There are cases of course where the software itself was not designed
> > with security in mind perhaps for an earlier era (eg. Sendmail) where
> > the number of exploits is quite high but I don't think Drupal falls
> > into this category.
> > Your comment however begs the question - do you feel that one of the
> > reasons why Drupal is 'insecure' because it's coded in PHP?
Yes. Take a look at the cyber security bulletin from U.S. homeland
for Jan 09 as an example.
I did a quick n dirty count using browser find in Firefox, and counted
vulnerabilities related to Python in total. For PHP, I counted 25 and
Of course, there is always the argument that Python is much less used on
web as opposed to PHP, which is the reason for this. You can find an
in the lines of that here,
He quotes Linus out of context, which is "Given enough eyeballs, all bugs
which however does not imply, "Not given enough eyeballs, shallow bugs are
deep pits waiting to be exploited". This is at best a strawman argument.
> Kenneth Gonsalves
> Senior Project Officer
> BangPypers mailing list
> BangPypers at python.org