Vincent, and DDs,

I've finally placed a new twiki 4.1.2-4 deb at
http://distributedinformation.com/TWikiDebian/twiki_4.1.2-4_i386.changes

I have put the session files into /var/lib/twiki/tmp and am using TWiki's built-in settings to auto-remove session files after 6 hours.

Could someone please upload it for me so it can go into Lenny?

Sven

Vincent Bernat wrote:
> OoO During lunchtime on Saturday 16 August 2008, around 12:36, Sven
> Dowideit <[EMAIL PROTECTED]> said:
>
>> frustratingly, I'm not a DD
>> and worse, I have an emergency update to TWiki for a security issue that
>> needs fixing for Lenny, but I have no DD to help me upload it
>
>> Anyone here willing to do a quick package upload of TWiki in the next
>> day?
>
> Hi Sven!
>
> I would be happy to upload your fix but I disagree with it. As pointed
> out by Olivier at the end of the bug report, /tmp can be flushed at boot or
> by some cronjobs. Therefore, you cannot ensure that the twiki directory
> still exists when twiki is running.
>
> I cannot give a universal solution, but in Roundcube, we use
> /var/lib/roundcube/temp and we provide a cron job that will clean it
> every m days where <m> can be set by the user in /etc/default/roundcube
> (and I just noticed that this is broken... will upload a fix). This way,
> we don't fill up /var but we don't rely on anything in /tmp. Moreover,
> we don't have to handle a complex script in postinst to circumvent
> symlink attacks.
>
> The problem with webapps is that we don't have a clear policy of what to
> do. You can just look at other packages, like phpmyadmin, mediawiki,
> etc. Each attempt to establish a webapps policy seems to be aborted.

--
Professional Wiki Innovation and Support
Sven Dowideit - http://DistributedINFORMATION.com
A WikiRing Partner - http://wikiring.com
Public key - http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on
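The cron-driven cleanup of a package-owned session directory discussed in this thread, as an added example that is not part of the original message and is not code from the TWiki or Roundcube packages. The function name `clean_sessions` and its argument order are assumptions; the 6-hour age (360 minutes) and the /var/lib/twiki/tmp path in the usage comment come from the message.

```shell
#!/bin/sh
# Added example: prune stale session files from a package-owned directory.
# Usage (e.g. from a cron job): clean_sessions /var/lib/twiki/tmp 360
# Prints the number of files removed; returns non-zero if the input is unsafe.
clean_sessions() {
    dir=$1
    max_age=$2   # age threshold in minutes

    # Reject empty or non-numeric ages so a malformed setting read from a
    # defaults file cannot turn into an unexpected find expression.
    case $max_age in
        ''|*[!0-9]*)
            echo "invalid max age: $max_age" >&2
            return 2
            ;;
    esac

    # Refuse a missing or symlinked directory. The cleanup must only ever
    # touch the package's own area, never whatever a link points at.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing to clean $dir: not a real directory" >&2
        return 1
    fi

    # -xdev       stay on the directory's own filesystem
    # -maxdepth 1 do not descend into subdirectories
    # -type f     regular files only; symlinks inside the directory are
    #             neither followed nor removed
    # -mmin +N    last modified more than N minutes ago
    removed=$(find "$dir" -xdev -maxdepth 1 -type f -mmin "+$max_age" \
                  -print -delete | wc -l)

    # Normalise wc output (some implementations pad with spaces).
    echo "$removed" | tr -d ' '
}
```
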