Re: State of ampache: we should declare it unsupported
On Fri, Oct 04, 2019 at 04:45:16PM +0200, Sylvain Beucler wrote:
> Hi,
>
> The vulnerabilities are important and upstream does not provide any
> fixed release.
> This means all ampache installations (Debian and non-Debian) are at risk.
>
> It would be worth explaining the situation to upstream and requesting
> his explicit stance on the matter.
>
> I believe this will make the decision easier, and contribute to raising
> awareness about good security practices.
>
Someone already made such a request in the issue, to which the author
responded with the 39k line commit and the list of "specific changes"
buried therein. However, I am not opposed to making a more detailed and
thorough request with rationale to see if that might yield some useful
information.
Regards,
-Roberto
--
Roberto C. Sánchez