Re: Bug#504758: gforge-plugins-extra ships security issues-prone code copies
Roland Mas wrote:
> tag 504758 + help
> The way I see it, there are three ways out:
> - prepare a new upload that doesn't contain this binary package, and
> leave users with the task of getting the code from the source
> package and installing it by hand;
> - ignore this bug for lenny, since one could argue that the code isn't
> actually made operational by the mere installation of the package;
> - actually patch the code to use system-provided packages, and update
> dependencies accordingly. This has already been done for some
> libraries (Snoopy and FCKeditor), and it's not a huge task, but I
> probably won't have time to tackle it before the lenny release
> (real-life time constraints abound).
Both the first and the second option seem fine.
If you choose the second, please upload a package, which adds
a README.security (or add it to README.Debian if present), which
describes that these plugins need to be configured and maintained
by the local admin. We'll than add it to the debtag list of packages
not covered by security support.
For Squeeze we can then switch to the system wide packages.