[pydotorg-www] [PSF-Members] [Infrastructure] Wiki news?

Brian Curtin brian at python.org
Fri Jan 18 22:50:10 CET 2013


On Fri, Jan 18, 2013 at 3:51 PM, Paul Boddie <paul at boddie.org.uk> wrote:
> M.-A. Lemburg wrote:
>> On 18.01.2013 19:59, Neil Schemenauer wrote:
>> > [PSF list removed]
>> >
>> > On 2013-01-18, M.-A. Lemburg wrote:
>> >> In other words, the backdoor will likely have been open for
>> >> several months.
>> >
>> > My thanks to all the work put in by volunteers.  Has there been any
>> > consideration given to using different wiki software?  It's my
>> > impression that MoinMoin has a quite poor record with regard to
>> > security:
>> >
>> >     http://moinmo.in/SecurityFixes
>> >
>> > The abundance of past holes doesn't predict future ones but in
>> > general there seems to be a correlation.
>>
>> I think that's a misinterpretation. MoinMoin is used in a *lot*
>> of places and so finding vulnerabilities becomes more attractive
>> than for other similar software.
>
> Agreed. Just because the MoinMoin project has openly published advisories (and
> fixed vulnerabilities) doesn't mean that it has a "poor record", or at least
> a record that is poorer than other software. I happen to be subscribed to
> notifications for MediaWiki, for example, and advisories are regularly
> published exhorting users to upgrade in order to fix various issues.
>
> We could spend substantial effort migrating to something else without any
> guarantee of improved security and with substantial inconvenience incurred.
> As I noted on a rather tiresome thread on the PSF list, throwing everything
> out in order to do things some other, supposedly "better" way is an
> unfortunate Python community tendency that we shouldn't indulge. I also think
> that using people's software and then abandoning it (and them) when we find
> something we don't like about it, instead of offering to improve it, is
> counterproductive if not a betrayal of those people.

Speaking of improving it: on Wednesday, the PSF approved a grant to
expedite development efforts that the MoinMoin team is putting in to
using passlib for their password handling.

