Re: Forum Software

From: Scott Marlowe <smarlowe(at)g2switchworks(dot)com>
To: Harry Jackson <harryjackson(at)gmail(dot)com>
Cc: pgsql general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Forum Software
Date: 2006-01-03 15:33:50
Message-ID: 1136302430.14530.4.camel@state.g2switchworks.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Fri, 2005-12-30 at 16:39, Harry Jackson wrote:
> On 12/30/05, Scott Marlowe <smarlowe(at)g2switchworks(dot)com> wrote:
> >
> >
> > On 12/30/05, Raymond O'Donnell <rod(at)iol(dot)ie> wrote:
> >
> > QUOTE:
> > I used it once (2004) because it supported Postgres. It got hacked in
> > under a month. I admit that this was a one off but having searched
> > around the Internet for various bulletin board software there seem to
> > be no end of problems with phpbb with regards security. I have even
> > come across articles claiming that the phpbb team try not to publish
> > all their exploits but rather blame PHIP [0] itself and they have a
> > tendency to ignore certain exploits in any releases that are not
> > current.
> > UNQUOTE:
> >
> > That's hardly fair. PostgreSQL also ignores security issues on older
> > versions. If you're running 8.0.0 and a security fix came out in 8.0.1,
> > it's your fault, not the PGDG folks.
>
> Actually a security hole being found is not really anyones fault [0]
> it just happens and then something has to be done by the user who has
> the software on his system.

Let me clarify. If you're running 8.0.0 and there's a security fix out
for 8.0.1 and you get bitten by said security bug, it IS YOUR fault,
because you didn't upgrade.

> Would the people on here ignore requests for help regardless of
> version. I am sure if the case was stong enough someone would give you
> a hand, perhaps they wouldn't but I am not reading on blogs how the

Actually, if you're running an old enough version, that's exactly what
will happen. We have a fairly large and capable community, but no one's
gonna put a lot of effort into fixing / working around a security bug
from V 6.5.3 or 7.1 or something like that.

PHPBB chooses to maintain, security-wise, the latest main branch, which
is quite common for smaller, fast moving projects, and completely
understandable. Rather one well maintained, quickly fixed branch than
any number that aren't. Of course, we'd all like to see all old
versions supported / maintained. And a pony too. But ya get what ya
get. And as far as updates to phpbb go, they're pretty timely, if only
on the latest main branch.

> > I've had nothing but good luck with PHPBB.
>
> And I am truly happy for you. I would have loved phpBB to have been my
> silver bullet. I may yet need to use it again because I can find
> nothing else that will do the job. For all its faults its most
> certainly filling a gap in the market.
>
> I don't want to use phpBB and I will need to be dragged kicking and
> screaming to drink from that well again but were needs must, better
> the devil you know.

Have you looked at agora? Not as many fancy features, but it is a
nicely threaded message system. For many people the extra features,
like attachments and such, that phpBB have make it a must have, but I
found agora to be a much nicer bulletin board, in terms of how it
displays threads and all.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Marc Philipp 2006-01-03 15:46:35 PostgreSQL Arrays and Performance
Previous Message Tom Lane 2006-01-03 15:32:12 Re: Query in postgreSQL version Windows