Re: State of ampache: we should declare it unsupported
On Fri, Oct 04, 2019 at 04:45:16PM +0200, Sylvain Beucler wrote:
> The vulnerabilities are important and upstream does not provide any
> fixed release.
> This means all ampache installations (Debian and non-Debian) are at risk.
> It would be worth explaining the situation to upstream and requesting
> his explicit stance on the matter.
> I believe this will make the decision easier, and contribute to raise
> awareness about good security practices.
Someone already made such a request in the issue, to which the author
responded with the 39k line commit and the list of "specific changes"
buried therein. However, I am not opposed to making a more detailed and
thorough request with rationale to see if that might yield some useful
Roberto C. Sánchez