On Oct 01 2015, "Kai Storbeck" <k...@xs4all.nl> wrote:
> Hi,
>
> Roundup 1.4.20-1.1 is still the version in stable. Roundup 1.5 was
> released a few years back, and I need someone to help me with the
> final stages in getting 1.5 in stretch, or getting it removed.
>
>
> Roundup is a python web application with quite some vendored code
> (javascript libs and fonts), 5 different licenses, and in 1.5.0 there
> is an offending file that has an incompatible licensing, so I had to
> "dfsg" it. (is there a verb for that?)
>
> During this work a security issue came along and this made me realise
> that the architecture of roundup isn't exactly compatible with what I
> would expect from a proper Debain package.
>
> We can create security updates for roundup, but that won't help any
> existing user as all actual issue trackers are using a copy of the lib
> at the time of their birth.
>
> I'm quite unsure on how to proceed here, but perhaps someone with more
> experience can help me with the steps needed.
I'd suggest to patch the roundip initialization command to use symlinks
to /usr instead of copying the libs.
Disclaimer: it's been a while since I last used roundup, and much longer
since I last set up a fresh instance.
Best,
-Nikolaus
--
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
