GIJOE: thanks for that.... thorough demonstration. You made your point. We have installed the protector module on this website.
Now please carefully reread my lengthy reply to your post and answer the following proposals to make the whole XOOPS system better and more secure.
In my reply I invited GIJOE to join the QA team as security expert. I truly think, and the demonstration also shows this, that adding a security dedicated team to the QA team would be a good thing. And I said just that in
this QA thread:
Quote:
- Last but definately not least: security.
I also think the QA team should have a few people dedicated and knowledgable about security issues. They should keep an eye out for important reports and issues, and dig into the system to see if XOOPS is vulnerable. The japanese community seems highly competent for this task, maybe some collaboration on this would be great.
So it's not that we disagree on that. There seems to be some miscommunication on how to deal with this then. So let's be practical:
The XOOPS core development has always been directed from here at xoops.org. We use the
SF.net project space to manage the XOOPS Core Development so everyone can contribute. This has been communicated from here many times, and permanently as well (see the 'development' block on the left side). I can honestly say I never have recieved special security reports from anyone, which is good, because I am not the lead developer, plus we have Sf.net to facilitate just that. Judging by the number of submissions made by the Japanese community, this is not news to them/you.
So, what I propose is this: we make an effort into merging the Japanese secure fork with 2.0.10 beta, together. This way, the whole XOOPS community will benefot, and the Japanese community will be able to make a large contribution to make the internet a safer place, as well as learn from the skills of the rest of the (non-japanese speaking) community and developers. So we both win.
For this, we use the international/english sf.net site and servers (so not the jp.sourceforge.net ones), so everyone has access to this. We all share what we find among everyone.
Also, I want to
strongly invite you and anyone from the whole XOOPS community, to make a
security team as part of the Quality Assurance team (and make GIJOE XOOPS's Chief of Security?), so we will have a continuous development and monitor to make and keep XOOPS's security level as high as possible.
That is my offer, please respond.
Herko