[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Roundup in stretch? [Re: Searching for a roundup sponsor]

On 01/10/15 22:11, Kai Storbeck wrote:
> Hi,
> Roundup 1.4.20-1.1 is still the version in stable. Roundup 1.5 was released a few years back, and I need someone to help me with the final stages in getting 1.5 in stretch, or getting it removed.
> Roundup is a python web application with quite some vendored code (javascript libs and fonts), 5 different licenses, and in 1.5.0 there is an offending file that has an incompatible licensing, so I had to "dfsg" it. (is there a verb for that?)
> During this work a security issue came along and this made me realise that the architecture of roundup isn't exactly compatible with what I would expect from a proper Debain package.
> We can create security updates for roundup, but that won't help any existing user as all actual issue trackers are using a copy of the lib at the time of their birth.
> I'm quite unsure on how to proceed here, but perhaps someone with more experience can help me with the steps needed.

Hello Python Application Team,

I'm still reasonably at the same spot as I was in October 2015.

Lets compare Roundup with Trac or Request-tracker4:

Roundup is not designed to be customizable in the way Request Tracker
(request-tracker4) is. The latter supports local customizations (in
/usr/local) and plugins either from source, Debian packaged extensions;
without having to rewrite any files from the package in /usr/share.

Trac is only customizable through settings or extra plugins. Code is not
changed, nor copied, IIUC.

Roundup is intended to be copied and heavily customized, although I can
see a very small niche where roundup would contain only an instantiated
demo tracker in /usr/share (I.e. no customizable config/authorization).

My advice: File a removal. I certainly have only partially enjoyed
maintaining it. I'm open to filing an RFA instead of a removal, but I
need some discussion with some people for a consensus.

Kind Regards,
Kai Storbeck

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: