manifoldcf-dev mailing list archives

From Grant Ingersoll <>
Subject Re: Release?
Date Fri, 10 Dec 2010 14:36:13 GMT
I think if there are known vulnerabilities, we need to fix them.

On Dec 10, 2010, at 6:01 AM, Karl Wright wrote:

> You can be serious about security without agreeing on the remediation.
> This software certainly adhered to MetaCarta standards and was
> audited by government agencies as well.  I understand your position,
> but I don't know if everyone will see it in a similar way, since a
> code audit highlights no problems at this time, because quoteSQLString
> is used only on constant values.  What do others think?  If the
> incubator would prohibit release on this basis, how in the heck did
> solr ever get released?
> Karl
> On Fri, Dec 10, 2010 at 8:50 AM, Robert Muir <> wrote:
>> On Fri, Dec 10, 2010 at 8:42 AM, Karl Wright <> wrote:
>>>  Do you believe that this is a
>>> requirement for an initial release?  If so, I believe we should
>>> suspend plans for that release and revisit it in February or March.
>> I'll certainly go along with whatever everyone feels on this one... it
>> was just always my impression that Apache was pretty serious about
>> security, but I'm not really sure how this applies to incubating
>> projects etc.
>> I thought it was relevant especially since the Solr Wiki says: The
>> recommended way to add document level security to your search is
>> through Apache Lucene Connector Framework (LCF).
