
Re: Bug #566650: Please unblock dtc 0.32.2-1



On Mon, Nov 08, 2010 at 10:47:54PM +0800, Thomas Goirand wrote:
> As it stands, it's unreasonable to even try working on the 0.30.x branch
> for Squeeze, given the short amount of time remaining. I feel very sad
> about it, but as there's no way to convince the RT that the 0.32.x
> branch is in a very good shape for Squeeze (my users can tell it is...),
> I have to ask for the removal of src:dtc from testing. Please proceed if
> there's no way to change your mind about unblocking.
> 

I've had a look at the diff
( 425 files changed, 102770 insertions(+), 49242 deletions(-) ) !

and there are things in just the first few files that make this unsuitable
for this stage of the freeze, and some worrying changes in general. Just
picking through the file at complete random:

 - return "Admin not found!";
 + return "Admin $adm_login not found line ".__LINE__." file ".__FILE__;
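
Review bot: the added return string on the + line interpolates $adm_login and appends __LINE__ and __FILE__, so a failed lookup now hands the caller the login value and the server-side script path. If this string can reach the browser, keep the generic "Admin not found!" for the user, write the login, line and file to the server log instead, and HTML-escape $adm_login anywhere it is displayed.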

Would this lead to some information disclosure?

dtc-0.30.20/admin/inc/dtc_config.php - huge set of changes, including a
load of new features (Custom registration fields, a new radius
implementation etc)

dtc-0.32.5/admin/dtc_db.php and dtc-0.32.5/admin/dtc_import_all_dbs:
looks like a load of changes to the database.

A lot of:
 -<form action=\"".$_SERVER["PHP_SELF"]."\" method=\"post\">
 +<form action=\"?\" method=\"post\">
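
Review bot: action=\"?\" on the + line submits to the current path with an empty query string, so any GET parameters in the page URL are dropped on post; check that none of these forms relied on them. The removed line printed $_SERVER["PHP_SELF"] into the attribute without escaping, so the replacement also takes a request-derived value out of the markup, which is worth recording in the changelog if that was the intent.
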
Makes me wonder if this has been through a search and replace tool.

As this is such a small selection from what is a huge diff, I'm afraid
I've gone with the suggestion and added the DTC removal hint.

Neil
-- 
<pixie> Ganneff is just a big cuddly teddy bear.
<pixie> Our photo proves it.

