emergency upload request for TWiki
Vincent, and DD's
I've finally placed a new twiki 4.1.2-4 deb at
http://distributedinformation.com/TWikiDebian/twiki_4.1.2-4_i386.changes
I have put the session files into /var/lib/twiki/tmp and am using
TWiki's built in settings to auto remove session files after 6 hours.
Could someone please upload it for me so it can go into Lenny?
Sven
Vincent Bernat wrote:
> OoO Pendant le temps de midi du samedi 16 août 2008, vers 12:36, Sven
> Dowideit <SvenDowideit@home.org.au> disait :
>
>> frustratingly, I'm not a DD
>> and Worse. I have an emergency update to TWiki for a security issue that
>> needs fixing for Lenny, but I have no DD to help me upload it
>
>> Anyone here willing to do a quick package upload of TWiki in the next
>> day?
>
> Hi Sven!
>
> I would be happy to upload your fix but I disagree with it. As pointed
> by Olivier at the end of the bug report, /tmp can be flushed at boot or
> by some cronjobs. Therefore, you cannot ensure that the twiki directory
> still exists when twiki will be running.
>
> I cannot give an universal solution, but in Roundcube, we use
> /var/lib/roundcube/temp and we provide a cron job that will clean it
> every m days where <m> can be set by the user in /etc/default/roundcube
> (and I just noticed that this is broken... will upload a fix). This way,
> we don't fill up /var but we don't rely on anything in /tmp. Moreover,
> we don't have to handle a complex script in postinst to circumvent
> symlinks attacks.
>
> The problem with webapps is that we don't have a clear policy of what to
> do. You can just look at other packages, like phpmyadmin, mediawiki,
> etc. Each attempt to establish a webapps policy seems to be aborted.
--
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on
Reply to: