On Fri, 25 Feb 2011, Magnus Hagander wrote:
> What I am more worried about is that there seems to be no upstream
> maintenance of mj2. I mean, their website hasn't been touched in more
> than 10 years! And given the *huge* security hole that was found in it
> recently (taht AFAIK was patched manually by Marc?), it's rather
> obvious there is no maintenance. And that worries me a lot.
Actually, apparently that bug was patched earlier then we found it ... the
thing mj2 is lacking is a proper commit mailing list, so I wasn't aware of
hte patch :(
> Do we really know the system well enough to be comfortable maintaining
> *all* of it? Or is there actually some top secret upstream
> maintainenance that just missed a *huge* security hole for 10 years?
Again, that was more a communications issue with the mj2 devs then an
oversight on their part ... as Alvaro can attest, when I posted to the mj2
list about it, the firts rsponse I got out of Jason (core deeveloper) was
"already fixed in CVS" ...
Marc G. Fournier Hub.Org Hosting Solutions S.A.
scrappy@hub.org http://www.hub.org
Yahoo:yscrappy Skype: hub.org ICQ:7615664 MSN:scrappy@hub.org