-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Dec 29, 2008 at 06:06:06PM -0600, John Goerzen wrote: >On Tue, Dec 30, 2008 at 12:59:13AM +0100, Jonas Smedegaard wrote: >> Your proposed patch is not an acceptable solution, however: The >> problem lies in duplicated code: If a seurity bug is found in FCK >> then Debian should need to path only once, not once per web app >> embedding FCK. >> >> So the challenge is to make MoinMoin use the separately packaged FCK. > >My understanding is that it is not simply the same as upstream FCK; >after all, if it were, wouldn't the solution be a simple matter of a >dependency and few symlinks?
Indeed, that's why I call it a challenge. >The moinmoin FCK editor is a fork designed to operate on Moin wiki >markup. As such, a number of HTML features are stripped out, and the >remaining features work on a different language underneath. I would >maintain this is not the same editor at all, but a fork, and that >integration with the standard FCK editor is neither possible nor >fruitful, since bugs with one would not necessarily impact the other. Hm. Yes. I dislike maintaining the potential security nightmare of an FCK fork as integral part of MoinMoin. I really would prefer that the Debian fckeditor package adopted the changes done by MoinMoin and maintain both "branches" of FCK. If that is not possible (or too much work), then as I see it the second best would be for the moin source package to package the moin-fckeditor as a separate optional binary package. Third best IMO would be to improve current approach to at least make it possible to (unofficially and unsupportedly) add back the ripped out fckeditor, and provide documentation with the package on how to do so. Help is much appreciated with any of these. - Jonas - -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAklZa0kACgkQn7DbMsAkQLjEQwCfU9U3874EQFieNw8tYaDE8mFp CVIAn1DSmpopQ8Rg3iu8i5BGOd96lO1A =GrrH -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
