On Sat, 2010-05-08 at 16:23 +0200, Tollef Fog Heen wrote: > ]] "Frank Lin PIAT" wrote > > | On Fri, 2010-05-07 at 21:49 +0200, Tollef Fog Heen wrote: > | > Package: python-moinmoin > | > Severity: normal > | > > | > moin has a list of protocols it leaves alone in > | > MoinMoin/config/__init__.py > | > > | > from this list, at least git, imap, imaps, caldav and nntps are > | > missing leading to wrongly formatted URLs. > | > | I checked on my system (see proto.html). And none of those url schemes are > | supported by Debian Gnome default setup (DebianTesting). Therefore, I > | wonder if those schemes are good candidates for inclusion. > > It means you can't add git urls that are copy paste-able, for instance, > something which is quite unfortunate and there is no way for me to > change that.
I am not sure to understand what you want. It is certainly possible to change the behavior, if it is safe. If I were you, I would use curly brackets, like for all code samples: ----- Git repository: {{{ git://foo }}} ----- Or the in-line form: ----- Git repository: {{{git://foo}}} ---- > | Since upstream documents how to achieve your goal for specific needs (see > | below), I am closing this bug. If you believe it could be useful for most > | users, we could file a feature request[1] upstream, and > | elaborate there. > > [...] > > | Note: the proper way to achieve this in Debian would be to add a patch and > | recompile the package (because > | the /usr/share/pyshared/MoinMoin/config/__init__.py isn't a > | configuration file). > > And lose out on security updates? No thanks. > > I find it quite disconcerning that the what upstream considers > configuration isn't shipped in /etc and marked as configuration files in > the package, though. You should blame us, the Debian package maintainer, not upstream: Upstream provide a tarball that is meant to be decompressed (typically in /srv/foo). Adding a protocol has important security implication: - disclosing credential - DoS attacks (locking accounts...) - cross site scripting attacks etc. The main problem is that wikis are usually public, so anyone can add arbitrary link. > I believe this is a release critical bug, but I'd > appreciate your input on it before filing it. MoinMoin/config/__init__.py is not a configuration file, but the "source" code, that needs to be modified before compilation. (I understand that you are reluctant to do so, for security reason). So what is/are the protocol(s) that you want/need? then we'll have to figure out (your help is welcome): - Does Debian or Windows or MacOS handle it? (with a popular tool) - Are those URL scheme documented - Are there security issues regards, Franklin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org