(keeping [EMAIL PROTECTED] out of the CCs as I think
this becomes quite specific to twiki's packaging and not so much about
translations)
Le samedi 28 juin 2008 à 18:04 +1000, Sven Dowideit a écrit :
> I would suggest using 'TWiki Configure User & Password' and setting the
> configure save pwd to the same thing.
I see your point.
Well... in the proposed patch for an NMU I haven't (yet) tried and do
something about the configure script's internal save password.... I
don't know actually how this is encrypted and such.
That would make sense to change it from the package's scripts too... but
leads to more testing and less time to market considering a security
issue (we already added more delay with templates discussions) :-/
> (and making the username for it
> 'admin')
>
Of course providing a better transition path for next package would be
better.
I guess the 'configuser' debconf variable should probably be renamed as
'adminuser' and its default value in template 'admin' then.
I'll provide an updated patch for Christian real soon now so that the
templates are dispatched to translators (btw, I fixed some minor issue
with the password resetting I hadn't noticed in previous tests :( ).
> That way it will not need to change for the 4.2.x package, where there
> is an internal admin user, whose password is the same as the configure
> save password, and will also be used to authenticate to get to the
> configure script.
>
>
> I might still hammer out a 4.2.0 package tomorrow, but no breath holding
> please.
>
I guess that if you provide a 4.2 package soon, at the same time as the
patch for 4.1.2 is prepared, uploading by your sponsor should be
coordinated with Christian Perrier's one, to avoir locking each-other.
I'd propose 4.1.2-3.2 to be going to testing/testing-security real fast
(via unstable), and 4.2 be kept in experimental in the meantime maybe...
just to be sure it's mature enough for the freeze... I'd better welcome
a 4.1.2 more secure and tested in lenny, than a not yet fully tested
4.2... but you may have a better view of the advantages of 4.2 of
course.
Anyway, good luck for that new package.
Best regards,
>
> Sven
>
> Justin B Rye wrote:
> > Olivier Berger wrote:
> >> *Should be "apache" in all three.*
> >>
> >> By "apache user", I mean something which relates to Require user in the
> >> apache.conf section of the 'configure' script... of course, this assumes
> >> that it's running apache and no other web server ;)
> >>
> >> In any case, that's meant to differenciate from "TWiki users", which are
> >> managed "inside twiki".
> >
> > I'm still not quite convinced by the expression "apache user", but I
> > can't decide what alternative I'd suggest.
> >
> > The trouble with "apache user" is that it might mean the local
> > system's www-data, or maybe the owner of the computer, rather than
> > a browser-user authenticated via mod_auth_basic...
> >
> > _Description: User allowed access to 'configure' script
> > Please enter the name of the **** user who will be allowed
> > to run the configure script at ${site}/cgi-bin/configure.
> >
> > _Description: Password for ${configuser}:
> > Please enter the password of the **** user who will be allowed
> > to run the configure script at ${site}/cgi-bin/configure.
> >
> > Where "****" is... "HTTP"? "authenticated"? "htpasswd"?
>
--
Olivier BERGER <[EMAIL PROTECTED]>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
