Extensions with security issues: only remove download?
Posted: Tue Aug 22, 2006 5:54 am
I posted this info in http://forum.joomla.org/index.php/topic ... #msg446094 but I think this topic is more suitable for this discussion.
Currently Extensions with security issues are removed from the extensions directory. Then it is not possible (or very difficult) to find and download a certain extension that has a known vulnerability. On the other hand, by removing the extention from that Extension site, all info about the extension (and hyperlinks from the forum to that extension) is lost!
I would prefer the Extensions site to have only the download button being removed, and a security warning included. Plus which version number of the component was at risk + known manual safety hacks. Then all info about the component/module/plugin stays at the same place. Now the Attention: Official List of Vulnerable 3rd Party Add-ons!!! http://forum.joomla.org/index.php/topic,79477.0.html thread is a great source for the safety of 3rd party extensions. But I would prefer that info with the components themselves at the Extensions site.
I am fully aware that my opinion would cost a lot of programming. Furthermore I have not thought a lot about the disadvantages of a system like this, so if you have any negative points about my idea, please post those too....
Currently Extensions with security issues are removed from the extensions directory. Then it is not possible (or very difficult) to find and download a certain extension that has a known vulnerability. On the other hand, by removing the extention from that Extension site, all info about the extension (and hyperlinks from the forum to that extension) is lost!
I would prefer the Extensions site to have only the download button being removed, and a security warning included. Plus which version number of the component was at risk + known manual safety hacks. Then all info about the component/module/plugin stays at the same place. Now the Attention: Official List of Vulnerable 3rd Party Add-ons!!! http://forum.joomla.org/index.php/topic,79477.0.html thread is a great source for the safety of 3rd party extensions. But I would prefer that info with the components themselves at the Extensions site.
I am fully aware that my opinion would cost a lot of programming. Furthermore I have not thought a lot about the disadvantages of a system like this, so if you have any negative points about my idea, please post those too....