Le lundi 12 août 2024, 16:15:53 UTC Bastien Roucariès a écrit :
> Le lundi 12 août 2024, 00:27:17 UTC Mike Gabriel a écrit :
> > Hi Moritz, hi Santiago,
> > 
> > On  So 11 Aug 2024 12:57:23 CEST, Moritz Muehlenhoff wrote:
> > 
> > > On Sat, Aug 10, 2024 at 11:19:24AM -0300, Santiago Ruano Rincón wrote:
> > >> (I had tried to answer from the web debian-lts archive, and I don't know
> > >> why firefox ended up sending four empty emails to the list. Really sorry
> > >> for the noise)
> > >>
> > >> El 31/05/22 a las 05:42, Mike Gabriel escribió:
> > >> > Hi Moritz, Salvatore, Sylvain,
> > >> >
> > >> > On  Mo 30 Mai 2022 20:04:14 CEST, Moritz Mühlenhoff wrote:
> > >> >
> > >> > > Am Sun, May 29, 2022 at 09:36:43AM +0200 schrieb Salvatore 
> > >> > > Bonaccorso:
> > >> > > > While this is discouraged in general, we could opt here for this, 
> > >> > > > to
> > >> > > > avoid that ckeditor3 might get additional users outside of
> > >> > > > php-horde-editor.
> > >> > >
> > >> > > This would also mean that only those bits of ckeditor3 which  
> > >> are actually
> > >> > > used by Horde need to be updated.
> > >> > >
> > >> > > Cheers,
> > >> > >         Moritz
> > >> >
> > >> > I read that embedding is ok with the security team for the  
> > >> exceptional case
> > >> > php-horde-editor. I will put this on my todo list for the next  
> > >> Horde update
> > >> > round (which is already overdue).
> > >> >
> > >> > Mike
> > >>
> > >> Hello Mike,
> > >>
> > >> AFAICS on tracker.d.o, php-horde-editor hasn't been updated since then,
> > >> so I guess the situation is the same than when buster was becoming LTS.
> > >>
> > >> I wonder if there is any action that could be made for bullseye and
> > >> bookworm. Is there a way to limit the ckeditor3 security support to
> > >> only cover the usage with php-horde-editor?
> > >
> > > Horde is pretty much unmaintained. php-horde-mime-viewer and 
> > > php-horde-turba
> > > are in dsa-needed.txt for a long time, but pings were never replied  
> > > to either.
> > >
> > > It seems best to drop Horde (and ckeditor3 alongside) from testing.
> > >
> > > Cheers,
> > >         Moritz
> > 
> > I will take a look at this the coming week or the week after (when I  
> > will have plenty of time for Debian stuff).
> > 
> > For ckeditor3, I will drop the symlinking of ckeditor3 and use the  
> > bundled version instead (which currently gets removed). I will also  
> > check the diff between Horde's bundled version of ckeditor3 and the  
> > version we have in Debian and amend things if needed.
> 
> Last time I checked I think it is possible to use newer ckeditor, but it need 
> testing
> 
> ckeditor4 API is not so different

I have just quickly checked and it seems that ckeditor 4 need some cosmetic 
change particlalry for loading

Do we have a quicke install for sid of horde for testing ?

rouca
> 
> Bastien
> > 
> > Regarding the nearly-non-maintenance state of Horde: Horde hasn't been  
> > ported to PHP 8, yet. One of the upstream devs is working on that, but  
> > there are not official releases, yet. I will ping them about the  
> > current status.
> > 
> > Mike
> > 
> 
> 
> 

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to