Bug#402406: Proposed plan to fix acibase issues (was Re: Debian Etch has been frozen)
On Tue, Dec 12, 2006 at 07:05:51AM -0500, Kevin Johnson wrote: I guess I am confused at some of what is being suggested. I had recommend just removing the dependency on Image_graph and was told it was a half-assed idea? And if you remove the dependance, why would you remove the link? Change the error message on base_graph_common.php to reflect the needed PEAR install and you will be done. I have uploaded a new version with these changes. For reference, this is the patch I have included: a- removes the links to the graphic pages from the main page b- changes base_graph_common.php so it checks for the existence of Image::Graph *and* Image::Color (they are independent PEAR modules, both should be checked and not just one of them) through a new function (FindGraphingLib()). c- If both are present proceed, all well and good. d- If one of them is not produce an error message I believe that b) is appropiate to do upstream (it's not sufficient to just check for Image::Graph since if a user installs that module and not Image::Color [1] graphing is broken. If b) is applied then you can reuse most of the content in d) (all save for the Debian-specific messages related to bug reports and licenses). Regards Javier [1] Happens at least for Debian users that install the 'php-image-graph' package, since there is no (for license issues) a 'php-image-color' package. #! /bin/sh /usr/share/dpatch/dpatch-run ## remove_php_image_graph.dpatch by [EMAIL PROTECTED] ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Remove php image graph dependancies --- base-1.2.7.orig/base_main.php 2006-12-12 20:21:38.0 +0100 +++ base-1.2.7/base_main.php2006-12-12 20:22:51.0 +0100 @@ -318,7 +318,6 @@ /div/td/tr trtd align=center valign=top BA HREF=base_qry_main.php?new=1?php echo _SEARCH; ?/A/Bbr -BA HREF=base_graph_main.php?php echo _GALERTD; ?/A/Bbr A HREF=base_stat_time.php?php echo _GALERTDT; ?/Abrbr ?php DBLink(); ? /td/tr/table --- base-1.2.7.orig/base_graph_common.php 2006-12-12 20:24:12.0 +0100 +++ base-1.2.7/base_graph_common.php2006-12-12 21:19:34.0 +0100 @@ -25,6 +25,21 @@ // Some colors to be used in graphs. $named_colors = array('aliceblue','antiquewhite','aqua','aquamarine','azure','beige','bisque','black','blanchedalmond','blue','blueviolet','brown','burlywood','cadetblue','chartreuse','chocolate','coral','cornflowerblue','cornsilk','crimson','cyan','darkblue','darkcyan','darkgoldenrod','darkdray','darkgreen','darkhaki','darkorange','darkolivegreen','darkmagenta','darkorchid','darkred','darksalmon','darkseagreen','darkviolet','deeppink','deepskyblue','dimgray','dodgerblue','firebrick','floralwhite','forestgreen','fuchsia','gainsboro','ghostwhite','gold','goldenrod','gray','green','greenyellow','indianred','indigo','ivory'); +function FindGraphingLib($libfile) +{ +$found = false; +// Will search in Path +$paths = explode(PATH_SEPARATOR, ini_get('include_path')); +foreach ($paths as $path) { +$fullpath = $path . DIRECTORY_SEPARATOR . $libfile; +if (file_exists($fullpath)) { +$found = true; + break; +} +} +return $found; +} + function VerifyGraphingLib() { GLOBAL $debug_mode; @@ -41,30 +56,32 @@ } // We have to locate Image/Graph.php -- Alejandro -$file = Image/Graph.php; -$found = false; -// Will search in Path -$paths = explode(PATH_SEPARATOR, ini_get('include_path')); -foreach ($paths as $path) { -$fullpath = $path . DIRECTORY_SEPARATOR . $file; -if (file_exists($fullpath)) { -$found = true; - break; -} -} - -if ( $found ) { +// We have to locate Image/Color.php too -- Javier +if ( FindGraphingLib(Image/Graph.php) FindGraphingLib(Image/Color.php) ) { // Cool, file was found, so you have Image_Graph installed. -- Alejandro -include($file); +include(Image/Graph.php); return true; } else { // Sorry dude, you haven't finished your home work. -- Alejandro - echo PBError loading the Graphing library: /B. - PCheck your Pear::Image_Graph installation!. -P. -Image_Graph can be found here:. -at A HREF=\http://pear.veggerby.dk/\;http://pear.veggerby.dk//A. Without this . -library no graphing operations can be performed.; + echo PBError loading the Graphing libraries: /B. + PYou have to manually install Pear::Image_Graph and Pear::Image_Color if you want graphics. . + In Debian it is not sufficient to install the php-image-graph package . + since, due to license issues . + (see a href=\http://bugs.debian.org/401797\;Bug #401797/a and a href=\http://bugs.debian.org/402406\;Bug #402406/a) . + the Image_Color functionality is not available
Bug#402406: Proposed plan to fix acibase issues (was Re: Debian Etch has been frozen)
severity 402406 important thanks On Mon, Dec 11, 2006 at 10:26:32PM +0100, Daniel Rodriguez Garcia wrote: Therefore, I think the problem here is time. It would be a pity to lose this package for this silly thing. License issues are not a silly thing. They are rather important if we want to ship a free OS. Possible alternatives: 1) Cut out the graphics rendering functionality from ACIDBASE (not really essential, for me). A link for exporting data to a spreadsheet format would be enough. Currently I think that's the only viable option, remove the php-image-graph *and* ensure the package can work without it. I agree with Jeremy that providing a package that does not Depend: on php-image-graph but asks the user to use a mechanism which is outside the Debian package management system to install needed functionality is a no-no. If the dependency is removed then the maintainer must ensure that the package can fully work without it, even if that means stripping of PHP pages that depend on that library. That would imply (doing a cursory look at the PHP code): - remove the link from base_main.php to base_graph_main.php - do not include base_graph_form.php in base_main.php - modify base_graph_common.php so that it does not complain so loudly when Image/Graph is not found. Just say that the functionality is currently not available in Debian (due to license issues, point to the Bug report) and say that users that need it will have to install the PEAR modules. - document in NEWS.Debian why the graphs have been removed and when will they be reenabled in the front page. For reference, the bug to be referenced is #401797 *and* #402406 (do not reference #340730 or #335994) That way users will not see the PHP scripts used to make graphs and they will not (going through the GUI) get a big error saying you are missing something. While at the same time, users depending on them will still be able to reach the PHP scripts and see what happened. Does that sound like a plan? David, could you please change that and test that the changes I outline are sufficient? 2) A text based histogram (similar to that in main screen)? That would mean implementing something that substitutes the current functionality, not something feasible to do right now if we want to get this into etch. 3) Implement that functionality as a Java applet ?? i.e. optional functionality: you leave the problem of installing Java in their browsers to client users. That's also a no-no (you would get into the issue of how to compile the Java code to build the jar). Either the functionality is available for all users using *only* the Debian archive or it's not. Having people go through loops is uncalled for. Regards Javier signature.asc Description: Digital signature
Bug#402406: Proposed plan to fix acibase issues (was Re: Debian Etch has been frozen)
On Dec 12, 2006, at 4:54 AM, Javier Fernández-Sanguino Peña wrote: severity 402406 important thanks On Mon, Dec 11, 2006 at 10:26:32PM +0100, Daniel Rodriguez Garcia wrote: Therefore, I think the problem here is time. It would be a pity to lose this package for this silly thing. License issues are not a silly thing. They are rather important if we want to ship a free OS. I agree and understand. Possible alternatives: 1) Cut out the graphics rendering functionality from ACIDBASE (not really essential, for me). A link for exporting data to a spreadsheet format would be enough. Currently I think that's the only viable option, remove the php- image-graph *and* ensure the package can work without it. I agree with Jeremy that providing a package that does not Depend: on php-image-graph but asks the user to use a mechanism which is outside the Debian package management system to install needed functionality is a no-no. If the dependency is removed then the maintainer must ensure that the package can fully work without it, even if that means stripping of PHP pages that depend on that library. That would imply (doing a cursory look at the PHP code): - remove the link from base_main.php to base_graph_main.php - do not include base_graph_form.php in base_main.php - modify base_graph_common.php so that it does not complain so loudly when Image/Graph is not found. Just say that the functionality is currently not available in Debian (due to license issues, point to the Bug report) and say that users that need it will have to install the PEAR modules. - document in NEWS.Debian why the graphs have been removed and when will they be reenabled in the front page. I guess I am confused at some of what is being suggested. I had recommend just removing the dependency on Image_graph and was told it was a half-assed idea? And if you remove the dependance, why would you remove the link? Change the error message on base_graph_common.php to reflect the needed PEAR install and you will be done. For reference, the bug to be referenced is #401797 *and* #402406 (do not reference #340730 or #335994) That way users will not see the PHP scripts used to make graphs and they will not (going through the GUI) get a big error saying you are missing something. While at the same time, users depending on them will still be able to reach the PHP scripts and see what happened. Does that sound like a plan? David, could you please change that and test that the changes I outline are sufficient? Since the Debian package is not maintained by me or the project, it is you choice whether to do this. Kevin Kevin Johnson GCIA, GCIH, CISSP, CEH Principal Consultant Secure Ideas http://www.secureideas.net
Bug#402406: Proposed plan to fix acibase issues (was Re: Debian Etch has been frozen)
On Tue, Dec 12, 2006 at 07:05:51AM -0500, Kevin Johnson wrote: I guess I am confused at some of what is being suggested. I had recommend just removing the dependency on Image_graph and was told it was a half-assed idea? And if you remove the dependance, why would you remove the link? Change the error message on base_graph_common.php to reflect the needed PEAR install and you will be done. If you remove the dependancy without removing the link then users will click on a link that is bound to not work in any stock Debian installation. That confuses users. We want to ship something that works out of the box, not something that does not work and needs to be hacked on. Does that sound like a plan? David, could you please change that and test that the changes I outline are sufficient? Since the Debian package is not maintained by me or the project, it is you choice whether to do this. If you want to volunteer co-maintaining the package you are most welcome. Regards Javier signature.asc Description: Digital signature
Bug#402406: Proposed plan to fix acibase issues (was Re: Debian Etch has been frozen)
On Tue, Dec 12, 2006 at 10:54:11AM +0100, Javier Fernández-Sanguino Peña wrote: Currently I think that's the only viable option, remove the php-image-graph *and* ensure the package can work without it. I agree with Jeremy that providing a package that does not Depend: on php-image-graph but asks the user to use a mechanism which is outside the Debian package management system to install needed functionality is a no-no. If the dependency is removed then the maintainer must ensure that the package can fully work without it, even if that means stripping of PHP pages that depend on that library. I have implemented this in a new version of the acidbase packages. It is currently available at http://people.debian.org/~jfs/acidbase/ Could somebody test it in a Snort environment (I don't have the time to do it right now) and tell me if it works for you? Regards Javier signature.asc Description: Digital signature
Bug#402406: Proposed plan to fix acibase issues (was Re: Debian Etch has been frozen)
El mar, 12-12-2006 a las 21:40 +0100, Javier Fernández-Sanguino Peña escribió: On Tue, Dec 12, 2006 at 10:54:11AM +0100, Javier Fernández-Sanguino Peña wrote: Currently I think that's the only viable option, remove the php-image-graph *and* ensure the package can work without it. I agree with Jeremy that providing a package that does not Depend: on php-image-graph but asks the user to use a mechanism which is outside the Debian package management system to install needed functionality is a no-no. If the dependency is removed then the maintainer must ensure that the package can fully work without it, even if that means stripping of PHP pages that depend on that library. I have implemented this in a new version of the acidbase packages. It is currently available at http://people.debian.org/~jfs/acidbase/ Could somebody test it in a Snort environment (I don't have the time to do it right now) and tell me if it works for you? Regards Javier I have tested it and seems to work fine. Good job, Javier. The problem is solved for me. Regards, Daniel R.