Distributions face the MoinMoin and Rails vulnerabilities

Posted Jan 10, 2013 12:34 UTC (Thu) by pboddie (guest, #50784)
MoinMoin should be usable for hosting multiple Wiki instances using the Debian package for the software. In fact, I think it uses the "Wiki farm" configuration model by default.

You're certainly right about people going outside the packaging system for Web applications, at least for the ones where they are following the development of the software and want the latest features as they get delivered. This isn't always a great experience, though: language-specific deployment systems may neglect things like proper integration with the system (you have to write your own init script or search for one on the net) and dependencies beyond the language ecosystem, leaving you having to manage a lot of separate software installations either manually or by leaning on various repositories that don't provide the same level of confidence that, say, the Debian repositories provide with all their safeguards.

I feel that those pushing language-specific software management neglect the fact that a lot of people deploying software are doing so without an intimate knowledge of (or enthusiasm for) the implementation technologies. For that audience, having a stream of updates from a reliable source is far more important than the absolute latest code coming from a collection of different repositories controlled by a range of differing language-specific tools.

Posted Jan 10, 2013 13:19 UTC (Thu) by justincormack (subscriber, #70439)

That's good that MoinMoin can; I have never used it, but this has been my experience with other packages. Often it is not Debian's fault; it is how the upstream is designed.

Also, scripting languages are really pushing their own package management solutions, not distro package management.

I also agree that packaging is a good thing, especially for security, but the upstreams do not seem that interested, and as you see for MoinMoin the number of distros that package it is small anyway, so the upstream will often give one set of instructions. Look at MoinMoin: they don't give Debian instructions, but their Ubuntu ones are here and it only mentions the official package install right at the end.

The worst thing about these instructions is there is no mention of security and upgrading at all. Sadly I think most of the web app world is like this, and it will get worse.

