WordPress.org

Ready to get started?Download WordPress

Forums

gentoo hard-masked wordpress due to too many... (10 posts)

  1. DancesWithWords
    Member
    Posted 7 years ago #

    I just tried to upgrade my 2.0 version of WordPress to 2.1.1 and found out that WordPress has been removed from standard circulation to due to numerous security vulnerabilities. http://bugs.gentoo.org/show_bug.cgi?id=168529 It is a sad day when such a popular app such as this gets hit with sort of thing. I'm hoping that developers at WordPress take note and move quick to sort these concerns. Until I know I can trust this software again I've removed it from my server. I've looked at other blog software, but I like this the best so I'm hoping for a quick resolution. Maybe if things have been addressed someone from WordPress can contact the Gentoo folk and get WordPress back in standard circulation.

    --
    DancesWithWords

  2. vkaryl
    Member
    Posted 7 years ago #

    Well, there's a fix.... 2.1.2....

  3. DancesWithWords
    Member
    Posted 7 years ago #

    I've posted a request on the gentoo programming forum for more info on this. I've had one response from one of the Gentoo Dev's and he does not seem to be satisfied that 2.1.2 address all GLSA concerns. But let me quote him "it will probably last for a while, as it has had a stream of security issues lately." This was his response to how long wordpress maybe out of the standard installation stream.

    Not the answer I was hoping for.

    --
    DancesWithWords

  4. vkaryl
    Member
    Posted 7 years ago #

    *shrug* I'm not using the 2.1 branch at all, and I'm certainly not using any wp with gentoo.... but then again, if my OS decided I couldn't use something because my OS thought it was "against my best interests", I'm pretty sure I'd:

    A. NOT be a happy camper; and

    B. find another OS.

  5. DancesWithWords
    Member
    Posted 7 years ago #

    Just different perspectives, for me a secure OS is more important than one possibly insecure app. Thing is if I was a competent programmer I might be able to deal with these problem myself and still be able to run WordPress. Gentoo reflect my choices as well, when it come to security I'd rather be conservative.

    I'll be patient and wait until WordPress once again meets the security standards of my OS and I'll re-install. In the meantime I'll do without or use something else.

    I due appreciate your feedback though.

    --
    DancesWithWords

  6. vkaryl
    Member
    Posted 7 years ago #

    Nope, opinion, not feedback.... and in over 20 years with various MS OSes, I haven't had one security incursion, virus, worm etc.

    So I don't really worry much, because what I do works. And I do NOT allow the OS to decide what programs I run.

  7. DancesWithWords
    Member
    Posted 7 years ago #

    I find it difficult to believe not that you said that you run Windows and if you been running Windows for 20 years then that does not necessarily make you an expert on OS's. If fact it argues the opposite of it.

    --
    DWW

  8. whooami
    Member
    Posted 7 years ago #

    Restating the obvious, (obviously),

    Ultimately, its up to the people that develop Gentoo to decide what comes with the distribution -- thats the way it is.

    The "good" thing is that they actually pay attention to these things, which pleases me, as a *NIX lover and user.

    It's a priveledge to be included within any LINUX/BSD distro and maybe a revocation of that priveledge is what's needed to clean up the code here, as it were.

    Frankly, and this is just one person's opine : that branch was hastily released, again, in my opinion, just to meet a date, and that's not how software ought to be developed, or released.

    And unfortunately, Matt is seemingly intent on continuing to use timelines to dictate his release schedule. (I would love to provide the link where he hashes out the dates - but I cannot find it currently. I just know I saw it a few weekes ago.)

  9. drmike
    Member
    Posted 7 years ago #

    I'm more wondering how many security issues Gentoo has had over the years. :)

    Any when they plan on masking Apache for all of their security issues they've had as well.

    Anyone else think that maybe, just maybe, those folks are overdoing it just a tad?

  10. whooami
    Member
    Posted 7 years ago #

    Last time I checked Apache had not had a server compromised had they?

    Meaning that the server itself that hosted the files had not been compromised.

    And Gentoo has had plenty though I'm not sure what that has to do with anything. And it's really a moot point. Like it or not, it's up to them.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.