[pydotorg-www] [PSF-Members] [Infrastructure] Wiki news?
M.-A. Lemburg
mal at egenix.com
Fri Jan 18 20:31:24 CET 2013
On 18.01.2013 19:59, Neil Schemenauer wrote:
> [PSF list removed]
>
> On 2013-01-18, M.-A. Lemburg wrote:
>> In other words, the backdoor will likely have been open for
>> several months.
>
> My thanks to all the work put in by volunteers. Has there been any
> consideration given to using different wiki software? It's my
> impression that MoinMoin has a quite poor record with regard to
> security:
>
> http://moinmo.in/SecurityFixes
>
> The abundance of past holes doesn't predict future ones but in
> general there seems to be a correlation.

I think that's a misinterpretation. MoinMoin is used in a *lot*
of places and so finding vulnerabilities becomes more attractive
than for other similar software.

I agree, though, that a security audit would probably not
hurt :-) Perhaps they should have one of their GSoC students
run such an audit this summer.

> Whatever software we use,
> keeping the wiki separated (e.g. in its own VM) is definitely a good
> idea. Anytime you allow remote users to create content the risks
> are high.

True.

Let's not overreact :-) Without the incident we would still be under
the assumption that we have backups for everything...

It also shows that we have to make a few enhancements to the way
we do logging; but that's going to be a new thread.

--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jan 18 2013)
>>> Python Projects, Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2013-01-22: Python Meeting Duesseldorf ... 4 days to go
::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/