Ola Lundqvist wrote:
> > > I haven't managed to find any more bugs relating to this particular
> > > security hole that isn't fixed by the previous patch in this bug
> > > report. kronolith seems to be fairly badly coded wrt security
> > > issues though. I'd suggest depreciating kronolith1 and forcing
> > > people on to kronolith2, whcih although only a little better, is
> > > actually supported upstream.
> >
> > The problem is that kronolith2 depends on version 3 of the horde
> > framework (rather than version 2), that the two versions of horde
> > cannot meaningfully cooperate and there are still some horde2
> > applications that have not been ported to horde3. Basically, upstream
> > has abandoned horde2 before they ported all their OWN code to horde3.
> >
> > So dropping horde2 is a regression, which explains why we haven't done
> > it yet. But I'm toying with the idea, as we cannot meaningfully
> > support it anyway. Ola, your opinion?
>
> If kronolith1 (named kronolith) can not be fixed, and is not supported
> at all by upstream I think we should drop it.
It seems to be removed already.
Regards,
Joey
--
Everybody talks about it, but nobody does anything about it! -- Mark Twain
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
