Your message dated Wed, 08 Oct 2014 13:34:37 +0200
with message-id <1412768077.4070.40.camel@bulma>
and subject line Re: Bug#762524: Embeded code copy
has caused the Debian Bug report #762524,
regarding Embeded code copy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
762524: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762524
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openacs
Severity: normal
Tags: security

Hi,

I just noticed that the openacs package embeds a copy of the php-getid3
code instead of depending on the Debian package inside the following
directory:

/usr/share/openacs/packages/acs-templating/www/resources/xinha-nightly/plugins/MootoolsFileManager/mootools-filemanager/Backend/Assets/getid3

Please consider fixing that in time for Jessie.

Regards

David

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message ---
Control: tag -1 wontfix

Hi David,

Thanks for your bug report! The php-getid3 included in openacs as part
of the mootools file manager plugin of the Xinha editor is not really
used. Openacs is tcl based, and does not execute php code at all. Also,
aolserver itself, in the way it is packaged in debian, can not interpret
php. Only the javascript part of Xinha (and other applications) is used,
and all the php code seem to be leftovers, and its functionality
reimplemented in tcl code.

As the php code is never executed, there is no security risk in having
it there, and i think it is not reasonable to add an external php
dependency to the package. Also, if necessary, i can remove it safely in
the package build process.

However, i will contact upstream and ask them to remove these php
leftovers to avoid confusions in the future.

Kind regards,

Héctor Romojaro

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---

Reply via email to