(I had tried to answer from the web debian-lts archive, and I don't know
why firefox ended up sending four empty emails to the list. Really sorry
for the noise)

El 31/05/22 a las 05:42, Mike Gabriel escribió:
> Hi Moritz, Salvatore, Sylvain,
> 
> On  Mo 30 Mai 2022 20:04:14 CEST, Moritz Mühlenhoff wrote:
> 
> > Am Sun, May 29, 2022 at 09:36:43AM +0200 schrieb Salvatore Bonaccorso:
> > > While this is discouraged in general, we could opt here for this, to
> > > avoid that ckeditor3 might get additional users outside of
> > > php-horde-editor.
> > 
> > This would also mean that only those bits of ckeditor3 which are actually
> > used by Horde need to be updated.
> > 
> > Cheers,
> >         Moritz
> 
> I read that embedding is ok with the security team for the exceptional case
> php-horde-editor. I will put this on my todo list for the next Horde update
> round (which is already overdue).
> 
> Mike

Hello Mike,

AFAICS on tracker.d.o, php-horde-editor hasn't been updated since then,
so I guess the situation is the same than when buster was becoming LTS.

I wonder if there is any action that could be made for bullseye and
bookworm. Is there a way to limit the ckeditor3 security support to
only cover the usage with php-horde-editor?

Cheers,

 -- Santiago

Attachment: signature.asc
Description: PGP signature

Reply via email to