Bug#760836: owncloud: should not recommend libreoffice
On 13/09/14 02:48, David Prévot wrote: > Given the historical status of avconv/ffmpeg about security issues, > maybe a “small cost” is overrated. Furthermore, “various [but not all] > office files” preview generation used to be provided by some fall-back > code that has been dropped for a while, so that part of the upstream > documentation is actually outdated. Noted. > > I just went with demoting all preview generation to Suggests, and > expanded the README about additional packages. Thanks! -- Jonathan Wiltshire Tiger Computing Ltd "Linux for Business" Tel: 01600 483 484 Web: http://www.tiger-computing.co.uk Follow us on Facebook: http://www.facebook.com/TigerComputing Registered in England. Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR signature.asc Description: OpenPGP digital signature
Bug#760836: owncloud: should not recommend libreoffice
Hi, On Fri, Sep 12, 2014 at 11:00:08AM +0100, Jonathan Wiltshire wrote: > On 08/09/14 17:10, David Prévot wrote: > > If we are to consider demoting this recommended tool to a suggestion, > > why shouldn’t we do the same of the other tools used for thumbnails, as > > documented in the README (and the upstream admin documentation pulled in > > via owncloud-doc)? > > I think there's a balance to be struck here between easy and lightweight > things and heavy things; for example, thumbnails for "PDF, svg, text, > images, movies, mp3 and various [but not all] office files" rely only on > imagemagick and avconv/ffmpeg, which are a small cost. Given the historical status of avconv/ffmpeg about security issues, maybe a “small cost” is overrated. Furthermore, “various [but not all] office files” preview generation used to be provided by some fall-back code that has been dropped for a while, so that part of the upstream documentation is actually outdated. I just went with demoting all preview generation to Suggests, and expanded the README about additional packages. https://anonscm.debian.org/cgit/pkg-owncloud/owncloud.git/commit/?id=bf313650f728968f8f32f782b6ba499f83e9a651 Regards David signature.asc Description: Digital signature
Bug#760836: owncloud: should not recommend libreoffice
On 08/09/14 17:10, David Prévot wrote: >> This isn't really very nice on a server for what is optional >> functionality. > > Are the thumbnails really an optional functionality? I mean, they are > provided by default, unless there are missing dependencies. Installing > the needed packages to enable this feature seems to match the policy > wording about Recommends (“The Recommends field should list packages > that would be found together with this one in all but unusual > installations.” 7.2). They certainly aren't core functionality; that is, I could quite happily use ownCloud without them and never know the difference. I think this is preferable to installing such a long list of dependencies, and it's not like I can't install them if I do want thumbnails. >> I realise this is Recommends, not Depends, and that functionality can be >> disabled. But we foresee this tripping up our engineers in the future, >> and an accidental upgrade installing a raft of things we don't want. > > Is this bug actually about “bad” admins that may break the expectations > of “good” admins? Is that the reason why you believe this issue is of > important severity? No, this is about not installing by default such a large amount of desktop packages on a server. In general having recommends by default is a good thing, but we should be careful not to undermine that by forcing people to disable them for ownCloud. >> Patch attached, with a slight difference from upstream: >> libreoffice|libreoffice-writer gives users the opportunity to just have >> libreoffice-writer if they wish. > > I’m not sure to follow the rationale of suggesting libreoffice-writer as > an alternative (one may install whatever they want if they feel the need > to, independently of what any package may suggest). The people > suggesting libreoffice-writer in the upstream thread have been corrected > more than once, what’s your rationale? Nevertheless that package that falls out of their repository at the moment Suggests:libreoffice-writer. I have no strong feelings either way, and I agree that a simpler dependency is cleaner. > If we are to consider demoting this recommended tool to a suggestion, > why shouldn’t we do the same of the other tools used for thumbnails, as > documented in the README (and the upstream admin documentation pulled in > via owncloud-doc)? I think there's a balance to be struck here between easy and lightweight things and heavy things; for example, thumbnails for "PDF, svg, text, images, movies, mp3 and various [but not all] office files" rely only on imagemagick and avconv/ffmpeg, which are a small cost. -- Jonathan Wiltshire Tiger Computing Ltd "Linux for Business" Tel: 01600 483 484 Web: http://www.tiger-computing.co.uk Follow us on Facebook: http://www.facebook.com/TigerComputing Registered in England. Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR signature.asc Description: OpenPGP digital signature
Bug#760836: owncloud: should not recommend libreoffice
Hi Jonathan, Thanks for your interest in this Debian package. On Mon, Sep 08, 2014 at 11:48:30AM +0100, Jonathan Wiltshire wrote: > Package: owncloud > Version: 7.0.2+dfsg-1 > Severity: important > This isn't really very nice on a server for what is optional > functionality. Are the thumbnails really an optional functionality? I mean, they are provided by default, unless there are missing dependencies. Installing the needed packages to enable this feature seems to match the policy wording about Recommends (“The Recommends field should list packages that would be found together with this one in all but unusual installations.” 7.2). > I realise this is Recommends, not Depends, and that functionality can be > disabled. But we foresee this tripping up our engineers in the future, > and an accidental upgrade installing a raft of things we don't want. Is this bug actually about “bad” admins that may break the expectations of “good” admins? Is that the reason why you believe this issue is of important severity? > Patch attached, with a slight difference from upstream: > libreoffice|libreoffice-writer gives users the opportunity to just have > libreoffice-writer if they wish. I’m not sure to follow the rationale of suggesting libreoffice-writer as an alternative (one may install whatever they want if they feel the need to, independently of what any package may suggest). The people suggesting libreoffice-writer in the upstream thread have been corrected more than once, what’s your rationale? If we are to consider demoting this recommended tool to a suggestion, why shouldn’t we do the same of the other tools used for thumbnails, as documented in the README (and the upstream admin documentation pulled in via owncloud-doc)? Regards David signature.asc Description: Digital signature
Bug#760836: owncloud: should not recommend libreoffice
Package: owncloud
Version: 7.0.2+dfsg-1
Severity: important
Tags: patch
Forwarded: https://github.com/owncloud/core/issues/6355
Hi,
owncloud currently Recommends:libreoffice. With apt's default behaviour,
this means pulling in over 500MB of packages including chunks of X,
Java, etc. This isn't really very nice on a server for what is optional
functionality.
I realise this is Recommends, not Depends, and that functionality can be
disabled. But we foresee this tripping up our engineers in the future,
and an accidental upgrade installing a raft of things we don't want.
Upstream already dealt with this problem and demoted libreoffice to
Suggests:libreoffice-writer. Therefore, please follow this and do the
same in Debian.
Patch attached, with a slight difference from upstream:
libreoffice|libreoffice-writer gives users the opportunity to just have
libreoffice-writer if they wish.
Thanks,
--
Jonathan Wiltshire
Tiger Computing Ltd
"Linux for Business"
Tel: 01600 483 484
Web: http://www.tiger-computing.co.uk
Follow us on Facebook: http://www.facebook.com/TigerComputing
Registered in England. Company number: 3389961
Registered address: Wyastone Business Park,
Wyastone Leys, Monmouth, NP25 3SR
diff -Nru a/debian/control b/debian/control
--- a/debian/control 2014-09-05 07:30:03.0 +0100
+++ b/debian/control 2014-09-08 11:43:41.0 +0100
@@ -50,7 +50,6 @@
${misc:Depends}
Recommends: exim4 | mail-transport-agent,
libav-tools,
-libreoffice,
php-aws-sdk,
php-crypt-blowfish (>= 1.1.0~RC2-2~),
php-dropbox,
@@ -64,7 +63,8 @@
php5-mcrypt,
smbclient
Suggests: libapache2-mod-xsendfile,
- mysql-server | virtual-mysql-server | postgresql
+ mysql-server | virtual-mysql-server | postgresql,
+ libreoffice | libreoffice-writer
Provides: owncloud-mysql, owncloud-pgsql, owncloud-sqlite
Conflicts: owncloud-mysql, owncloud-pgsql, owncloud-sqlite
Replaces: owncloud-mysql, owncloud-pgsql, owncloud-sqlite
signature.asc
Description: OpenPGP digital signature
