On Monday, 12 August 2024, 16:15:53 UTC, Bastien Roucariès wrote:
> On Monday, 12 August 2024, 00:27:17 UTC, Mike Gabriel wrote:
> > Hi Moritz, hi Santiago,
> >
> > On Sun 11 Aug 2024 12:57:23 CEST, Moritz Muehlenhoff wrote:
> >
> > > On Sat, Aug 10, 2024 at 11:19:24AM -0300, Santiago Ruano Rincón wrote:
> > >> (I had tried to answer from the web debian-lts archive, and I don't know
> > >> why firefox ended up sending four empty emails to the list. Really sorry
> > >> for the noise)
> > >>
> > >> On 31/05/22 at 05:42, Mike Gabriel wrote:
> > >> > Hi Moritz, Salvatore, Sylvain,
> > >> >
> > >> > On Mon 30 May 2022 20:04:14 CEST, Moritz Mühlenhoff wrote:
> > >> >
> > >> > > On Sun, May 29, 2022 at 09:36:43AM +0200, Salvatore Bonaccorso wrote:
> > >> > > > While this is discouraged in general, we could opt here for this, to
> > >> > > > avoid that ckeditor3 might get additional users outside of
> > >> > > > php-horde-editor.
> > >> > >
> > >> > > This would also mean that only those bits of ckeditor3 which are actually
> > >> > > used by Horde need to be updated.
> > >> > >
> > >> > > Cheers,
> > >> > > Moritz
> > >> >
> > >> > I read that embedding is ok with the security team for the exceptional case
> > >> > php-horde-editor. I will put this on my todo list for the next Horde update
> > >> > round (which is already overdue).
> > >> >
> > >> > Mike
> > >>
> > >> Hello Mike,
> > >>
> > >> AFAICS on tracker.d.o, php-horde-editor hasn't been updated since then,
> > >> so I guess the situation is the same as when buster was becoming LTS.
> > >>
> > >> I wonder if there is any action that could be made for bullseye and
> > >> bookworm. Is there a way to limit the ckeditor3 security support to
> > >> only cover the usage with php-horde-editor?
> > >
> > > Horde is pretty much unmaintained. php-horde-mime-viewer and php-horde-turba
> > > have been in dsa-needed.txt for a long time, but pings were never replied
> > > to either.
> > >
> > > It seems best to drop Horde (and ckeditor3 alongside) from testing.
> > >
> > > Cheers,
> > > Moritz
> >
> > I will take a look at this the coming week or the week after (when I
> > will have plenty of time for Debian stuff).
> >
> > For ckeditor3, I will drop the symlinking of ckeditor3 and use the
> > bundled version instead (which currently gets removed). I will also
> > check the diff between Horde's bundled version of ckeditor3 and the
> > version we have in Debian and amend things if needed.
>
> Last time I checked I think it is possible to use newer ckeditor, but it needs
> testing
>
> ckeditor4 API is not so different

I have just quickly checked and it seems that ckeditor 4 needs some cosmetic changes, particularly for loading.

Do we have a quick install for sid of horde for testing?

rouca

>
> Bastien
>
> > Regarding the nearly-non-maintenance state of Horde: Horde hasn't been
> > ported to PHP 8, yet. One of the upstream devs is working on that, but
> > there are no official releases, yet. I will ping them about the
> > current status.
> >
> > Mike