From: Tom Hutchison <tom(a)hutch4.us>
... this brings up a discussion about
Extensions flagged as a security risk and why the extension's code is
still available for download?

I've experienced the converse: an extension being removed because someone flagged it
as a security risk, only because it COULD be used in an insecure fashion.
By that test, LocalPreference.php should be flagged as a security risk.
The end result is that an SQL access extension that I regularly use responsibly (editing
limited to certain users, with page protection) is no longer receiving development
support.
Isn't it better to have a known risk exposed so that those who value the resource can
fix it, than to ban it, so hapless prior users are still vulnerable?
Flagging, good. Banning, bad.
----------------
:::: It is not possible to use enormous amounts of resources to address a resource
shortage. -- Mike Ruppert
:::: Jan Steinman, EcoReality Co-op ::::