Martin Sourada wrote:
Thanks for the info. Looks like the gallery2 would satisfy our needs
pretty good. The only two issues I noticed is the missing integration
with FAS (which might be already in progress, as noted by Ricky), and
easy way to handle images sources (which is not a show-stopper for us,
though it would be nice if we could implement that nicely as well).
I guess we could set-up a test gallery2 implementation on one of our
fedorapeople accounts and if it works well, ask for transferring it to
art.fedoraproject.org here?
We also need to decide if we want to run the software in Fedora
Infrastructure.
Searching for CVEs was somewhat hard since gallery is a common name for
photo gallery software. I found 5 CVE's against Menalto Gallery this
year and 9 last year. There are other CVE's that weren't picked up in
my search as they did not identify gallery as "menalto" (I googled and
found references...) I'm not sure how this compares to other gallery
software but it is less than phpnuke, drupal, and other things that I
have been against.
We do not yet have SELinux turned on on our app servers (although
lmacken and dwalsh have gotten us much closer recently). I am pretty
sure we do have mod_security deployed. Do we feel comfortable with
this? What are the alternatives that fit the criteria and are they worse?
-Toshio