On Fri, Feb 25, 2011 at 15:26, Marc G. Fournier <scrappy@hub.org> wrote:
> On Fri, 25 Feb 2011, Magnus Hagander wrote:
>
>> What I am more worried about is that there seems to be no upstream
>> maintenance of mj2. I mean, their website hasn't been touched in more
>> than 10 years! And given the *huge* security hole that was found in it
>> recently (taht AFAIK was patched manually by Marc?), it's rather
>> obvious there is no maintenance. And that worries me a lot.
>
> Actually, apparently that bug was patched earlier then we found it ... the
> thing mj2 is lacking is a proper commit mailing list, so I wasn't aware of
> hte patch :(
Eek. But you're at least saying they have a source code repository
somewhere? :D Do they actually make releases as well?
>> Do we really know the system well enough to be comfortable maintaining
>> *all* of it? Or is there actually some top secret upstream maintainenance
>> that just missed a *huge* security hole for 10 years?
>
> Again, that was more a communications issue with the mj2 devs then an
> oversight on their part ... as Alvaro can attest, when I posted to the mj2
> list about it, the firts rsponse I got out of Jason (core deeveloper) was
> "already fixed in CVS" ...
Hmm. Last I checked I wasn't even able to find a working mailinglist
for it :-) At least not one with archives. Can you give me a pointer
to where I find that - it would be good to have around for
reference...
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/