[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#311597: anyterm build issues

On Wed, Jun 22, 2005 at 11:35:58PM +0100, Phil Endecott wrote:
> >Including a
> >custom version of ROTE with anyterm would probably cause the package to
> >be rejected.
> ..
> >Have you considered forking ROTE
> So do you think that forking a custom version is good or bad?
I think it is bad, but better than trying to include the whole thing
inside of anyterm.

> As I said this may become an issue if / when I need to make further changes.  
> For the time being I am happy with things as they are.  I have not had any 
> feedback from users complaining about the current arangement.  There are more 
> important things on my to-do list than solving this problem.

> >or asking Bruno to allow you to take a
> >more active role (like CVS commit access)?
> So what would I commit?  If I wanted a change, I would send him a patch.  But 
> if I submit a patch that causes binary incompatibility, that will cause 
> problems.  (Or, at least, it causes issues that *I* don't properly understand.  
> I don't know who is using ROTE and for what.)
OK.  I thought the bigger issue was Bruno not having enough time.  What
you say makes sense.  Maybe there is something we can do to see if is
willing to commit some more time.

> >* apt-get install gets the files in place, but the module remains
> >disabled
> >* Document well all potential security issues and provide references for
> >external reading (including the anyterm web pages/forums).
> OK, but you need to present a default configuration where users have *no 
> excuse* for ending up with an insecure system.  People will always tend to do 
> the minimum that is necessary to get something working.
The default will be that the thing will be turned off completely by
default.  Thus, the user will need to at least manually enable the
module and restart apache, and (if you agree) enable it in
/etc/defaults.  Unfortunately, there is no way to guarantee that they
will read the docs prior to using it, but that should present a high
enough barrier that newbies shouldn't get blindsided and experienced
Apache admins should know better.

Tell me if you think I am missing what you are saying.

Roberto C. Sanchez

Attachment: pgp4tw9pJp5FN.pgp
Description: PGP signature

Reply to: