[Mageia-dev] A comparison of forum software from a security POV

[Tux99]

On Mon, 27 Sep 2010, Romain d'Alverny wrote:

> What would be an additional important figure is, how long has it been
> for each vulnerability to be fixed; how many users each has had, etc.
> 
> Plus, what type of vulnerability. Plus, for what branch of the
> software (I guess, for instance, phpBB 2.x and 3.x are a bit
> different).

You are right but all that requires a lot more time to investigate which 
I currently don't have.
But in any case it's hard to argue with 7 (fudforum) vs. 723 (phpBB). 

 
> What we do need is a forum that matches our needs; actually pretty
> basic, but maybe for having good admin features, excellent
> hackability, extensability, being well documented, having a nice
> community of developers around it. 

Agreed and I'd say that all of the FOSS packages I listed generally 
fulfill these criteria (each with their own strong points).


> So, requirement #1: open source license (as in http://opensource.org/ ).

Well out of the ones I listed that is:
phpBB - GPL
myBB - GPL
FUDforum - GPL

this page is also quite useful:
http://en.wikipedia.org/wiki/Comparison_of_Internet_forum_software_(PHP)

I was actually doing this comparison not primarily for the future 
Mageia forum, but because I'm looking for a good forum software for a 
personal project.

I had mostly decided to take myBB since it has a very good reputation 
and is considered relatively secure (and this check I did confirms 
that), but since I discovered FUDforum a few days ago and tested it on 
the weekend I have now decided that FUDforum is the ideal choice for me 
(and IMHO also for the Mageia forum).


> Parts of it were heavily hacked back in the days. Still, yes, it's
> sort of a miracle somehow. :-)

I guess these days sadly Mandriva is too unimportant to be a target of 
hackers.