manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: Release?
Date Fri, 10 Dec 2010 14:41:20 GMT
I do not agree there are known vulnerabilities.
Karl

On Fri, Dec 10, 2010 at 9:36 AM, Grant Ingersoll <gsingers@apache.org> wrote:
> I think if there are known vulnerabilities, we need to fix them.
>
> On Dec 10, 2010, at 6:01 AM, Karl Wright wrote:
>
>> You can be serious about security without agreeing on the remediation.
>> This software certainly adhered to MetaCarta standards and was
>> audited by government agencies as well.  I understand your position,
>> but I don't know if everyone will see it in a similar way, since a
>> code audit highlights no problems at this time, because quoteSQLString
>> is used only on constant values.  What do others think?  If the
>> incubator would prohibit release on this basis, how in the heck did
>> solr ever get released?
>>
>> Karl
>>
>> On Fri, Dec 10, 2010 at 8:50 AM, Robert Muir <rcmuir@gmail.com> wrote:
>>> On Fri, Dec 10, 2010 at 8:42 AM, Karl Wright <daddywri@gmail.com> wrote:
>>>>  Do you believe that this is a
>>>> requirement for an initial release?  If so, I believe we should
>>>> suspend plans for that release and revisit it in February or March.
>>>>
>>>
>>> I'll certainly go along with whatever everyone feels on this one... it
>>> was just always my impression that Apache was pretty serious about
>>> security, but I'm not really sure how this applies to incubating
>>> projects etc.
>>>
>>> I thought it was relevant especially since the Solr Wiki says: The
>>> recommended way to add document level security to your search is
>>> through Apache Lucene Connector Framework (LCF).
>>>
>>> http://wiki.apache.org/solr/SolrSecurity
>>>
>
>
>

Mime
View raw message