Hi Joost, Thank you for your work so far. I'm afraid that realistically it's not possible to maintain quality Moodle 3.0 package in Debian (or Ubuntu 16.04). >From the Moodle site: "Bug fixes for security issues in 3.0.x will end 8 May 2017".
This means in less than 2 months upstream will stop all support for Moodle 3.0. There will be no more security patches. At the same time there will be security bug fixes released for Moodle 3.1, 3.2, 3.3. Many of them will affect (be exploitable in) non-supported Moodle 3.0. It will be a lot of work for the maintainer to test all of them and back-port those needed. Another problem is amount of embedded libraries. I understand that "Debian way" would be to de-couple them and package as separate packages. This is simply too much work. Finally, you had a compelling argument for packaging in Debian: "Sites like Tilburg University rely on a stable security-maintained moodle. We're not realy that eager to implement and upgrade to new moodles with new features every month or so. We'd rather do such a thing every 2 year or so. I'm sure we're not the only one." I agree with it 100% - but now it's possible to accomplish that with upstream Moodle version. You basically stick to Moodle LTS releases. They should not contain new features just bug fixes. And if you really want a stable releases but with security fixes, then you start with a bit later LTS version (e.g. Moodle 3.1.6). So overall I think there is little value in Debian package and a lot of work. And while it breaks my heart (I love both Debian and Moodle) I must say that we're better off removing that package and let people use upstream version. Tomek On 10 March 2017 at 11:50, Joost van Baal-Ilić <joostvb+moo...@uvt.nl> wrote: > Hi, > > Is any DD interested in working on shipping Moodle with upcoming upcoming > Debian 10 Buster release? This would mean the package should be in good > shape > early 2019; and there should be commitment to keep maintaining the package > for > some more years. > > "Moodle is a learning platform designed to provide educators, > administrators > and learners with a single robust, secure and integrated system to create > personalised learning environments." It's like the Free Software > alternative > for Blackboard. > > It's a huge PHP web application, it needs a database backend (MySQL, > e.g.) It > comes with bundled PHP modules from other upstreams. Upstream ships a > .tgz; I > believe one needs a javascript enabled webbrowser to be able to download > from > https://download.moodle.org/releases/security/ (so crafting a watch-file > is not > trivial). The upstream team (hi Dan and Marina) is helpful and responsive. > > Thanks to the work of Isaac Clerencia, Tomasz Muras, Didier Raboud, Thijs > Kinkhorst and others, Moodle has been shipped with Debian in some form > since > 2003 (moodle 1.1.1), see > http://metadata.ftp-master.debian.org/changelogs/main/m/ > moodle/moodle_2.7.18+dfsg-1_changelog > . > > Currently, it's in unstable only, see https://bugs.debian.org/807317 and > https://bugs.debian.org/747084 : I am the only person working on this > package > and due to time constrains can't commit to helping with security support in > upcoming Debian 9 stable/stretch. However, there _is_ an unofficial > backport > to current stable/jessie, available from "deb http://non-gnu.uvt.nl/debian > jessie uvt", see https://non-gnu.uvt.nl/debian/jessie/moodle/ . > > The Debian Moodle packaging "team" uses git on Alioth, see > https://alioth.debian.org/projects/pkg-moodle/ . There's also > pkg-moodle-maintain...@lists.alioth.debian.org . (That one however is > not very > suitable for development discussions since its archive is not publically > accessible.) > > In april 2016, Nishanth Aravamudan and Steve Langasek worked on moodle > (3.0.3+dfsg-0ubuntu1) which is shipped with Ubuntu xenial (16.04LTS) and > yakkety (16.10). > > It would be really cool if Debian would continue to ship moodle in some > form. > And it would be very sad if we'd fail to continue shipping it... I am > willing > to spend _some_ time on making this happen. However, if nobody steps up > soonish to help, I'm afaid moodle support in Debian will stop. I'll upload > upcoming 2.7.19+dfsg-1 in a couple of days; if nothing changes that would > be my > last moodle upload to Debian... :( > > Anybody interested in working on getting e.g. something based upon > Nishanth's > and Steve's moodle 3.0.* in Debian Buster? I offer to help. > > Bye, > > Joost > > > > Op Wed, Feb 04, 2015 at 09:54:41AM +0100 schreef Joost van Baal-Ilić: > > > [...] > > At Tilburg University we are running moodle on some Debian systems; we > have > > an interest in keeping it working for us. I basically took over the work > > from Thijs. > > > > Op Thu, Jan 22, 2015 at 07:47:17AM +0000 schreef Dan Poltawski: > > > > > > 'Upstream' here. > [...] > > > Thank you very much for trying to get in touch with us. > > > > > > I've been cc'd on the Moodle debian bugs for quite some time and i'm > > > afraid that this is a bit of a cycle with the package. Quite some time > > > ago I was part of a team to keep up with keeping the package in order, > > > but eventually could not keep on top of it - then others like Tomasz > > > Muras and Thijs Kinkhorst have valiantly tried to get it in order. See > > > #494642 #647489 #747084 etc. > [...] > > Yes, it is quite a lot of work; Thijs managed to keep the package in > shape, > > I'm convinced I can do it too. However, I don't think it's wise to offer > > moodle in Debian stable > <snip> > > -- > Joost van Baal-Ilić http://abramowitz.uvt.nl/ > Tilburg University > mailto:joostvb.uvt.nl The Netherlands > > _______________________________________________ > Pkg-moodle-maintainers mailing list > pkg-moodle-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/ > pkg-moodle-maintainers >
