[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: egroupware (fixes critical bug)

Hi Lars,

take for example phpgwapi/inc/class.phpmailer.inc.php
It's license is LGPL and the authors are not listed in debian/copyright.

I know, that eGW has accumulated in it's history a shitload of code from all 
sorts of other PHP projects. There are many classes from PEAR and Horde. 
You'll have a hard time to document all this in the debian/copyright file. - 
And without a proper and exact debian/copyright the package may not enter 
Debian.

I don't mean to be picky about this just out of pickiness, but it's only one 
symptom of manys that eGW is a rotten codebase that should not be kept alive.

And when you're done with documenting all copyrights, let's start to fix all 
security issues. It shouldn't take to long to pick a handful. 

phpgwapi/inc/class.kses.inc.php - this is also a nice one. first written 2002, 
2003 forked, then included in eGW.

phpgwapi/inc/class.mime_magic.inc.php - from 1999, three authors, copied from 
horde

By the way: Does eGW work with PHP5.3?

Will you be available to deal with all the bug reports for eGW or will these 
be handled by your sponsor?

Thomas Koch, http://www.koch.ro
Reply to: