Hi,

I was wondering how much value was put in security audits?

Thanks for XOOPS!

Harald Hoyer

running http://fcp.homelinux.org

Use search ... there were many topics about XOOPS security.

PS: Change a theme on your website!

Thx!

What's wrong with the default theme?

Hi Harold,

Security audits in what context? They can be very useful for developing security strategies if done right. Don't worry about Bahattee.... he's just a little grumpy. I think what he was trying to say is that he thinks the theme on your site might be a little generic looking. I think it looks perfectly fine (I quite like the default XOOPS theme), but that's probably just me .

I mean, reviews of module code, rating on the code quality, etc.
Is there a mailing list for security issues, updates, etc?

Being a systems engineer by trade, I'd love to see something like this, but I don't know of any such mailing lists. The dev.xoops.org site has quite a lot of info if you dig down, and we always have our resident XOOPS security frontman GIJOE keeping his eyes and ears open for any new exploits . GIJOE has even written modules for XOOPS to protect it specifically from a range of different attacks.

I think XOOPS could benefit a lot if there was a lot more information in regards to security, quality, perfromance and scalability of modules. However, being a community heavily weighted with end users (in comparision to developers), the features and functionaility of a module is given a lot more of the spotlight. Adding to this is the fact that getting an audit base up like this would take a lot of work, and is something that would need constant updating. I know the XOOPS dev's keep a close eye on core security, but I don't know how that can specifically relate to modules.