On Thu, Jun 4, 2009 at 8:00 AM, David Nalley <[email protected]> wrote: > On Thu, Jun 4, 2009 at 6:23 AM, Paulo Cavalcanti <[email protected]> wrote: > > Hi, > > > > I submitted ampache (http://ampache.org/) for review, but I was told > that it > > could not use any external software > > bundled in the code. In fact, it uses getid3, a file that seems to come > from > > horde (horde/Browser.php), > > and some others. > > > > According to the weekpedia (http://en.wikipedia.org/wiki/Ampache) > > > > "Ampache has been featured in numerous online blogs and technical > articles. > > One of the more notable was the O'Reilly book Spidering Hacks which > tested > > the security of online applications. Ampache was found to be immune to > > standard spidering hacks as described in the O'Reilly article, and it has > > continued that trend by focusing on security during its development. The > > Code Philosophy listed on Ampache's wiki specifically lists security as > one > > of those most important considerations during application development." > > > > Does it make any sense to fiddle something that has always had security > as a > > prime concern? > > > > Any comment is welcome. > > > > Thanks. > > > > -- > > Paulo Roma Cavalcanti > > LCG - UFRJ > > > > -- > > fedora-devel-list mailing list > > [email protected] > > https://www.redhat.com/mailman/listinfo/fedora-devel-list > > > > > Perhaps I am the least well suited to respond as I did some of the > initial review.
No, on the contrary. > > However, there are at least 10 bundled libraries with ampache, > including pear-XML_RPC, nusoap, getid3, small snippets from Horde, > captchaphp, php-Snoopy, etc. > > In addition to the security benefits, creating the separate package > means other packages (even other web apps) can make use of the > libraries that would be available in Fedora instead of just ampache. > I can empathize with the extra work that this causes, as I am trying > to fix a few of these problems with another web app. > > Maybe we can list all of the packages we would like to have for web applications, and try to set a "task force" to cope with them? I think if we had three or four people willing to help, the work would be concluded fast. There are always people looking forward to contributing, but without a good package to work with. -- Paulo Roma Cavalcanti LCG - UFRJ
-- fedora-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-devel-list
