Re: eZ in Debian-Edu and on skolelinux.org?
On Thu, 2005-01-20 at 11:45, Petter Reinholdtsen wrote:
> [Herman Robak]
> > A suggested solution to this was to leave the Debian package as it
> > is. This package is a general package, which requires some manual
> > configuration performed in a shell. For Skolelinux, an additional
> > package, e.g. ez-edu, could be made. That package would depend on
> > the Jonas' generic package, and use scripts to set up a CMS with the
> > appropriate templates.
>
> As far as I can see, this will make it hard to do upgrades. Am I
> right?
>
> At least the current debian package is a "source" package, just
> providing the scripts which need to be copied into somewhere else.
Then an upgrade will require manual intervention, right?
> So 'aptitude upgrade' will not upgrade the production scripts,
> and fixed security errors might still be in the production system
> after the "source" package is upgraded.
Good point! This has to be addressed. One (inflexible) way to
fix this would be to lock the customisation package to one exact
version of the source package. Then an upgrade of the source
package would trigger an upgrade of the customiser.
How large portion of the eZ publish package can realistically
be read-only? Auto-upgrading files that are modified by users
and admins is fraught with problems.
<assumption>
Most security issues are likely to occur in php. Then some
in the configuration, and little in the data entered by the
user/admin. (considering exploitation risk)
</assumption>
--
Herman Robak
Reply to: