On Sat, 2010-05-08 at 16:23 +0200, Tollef Fog Heen wrote:
> ]] "Frank Lin PIAT" wrote
>
> | On Fri, 2010-05-07 at 21:49 +0200, Tollef Fog Heen wrote:
> | > Package: python-moinmoin
> | > Severity: normal
> | >
> | > moin has a list of protocols it leaves alone in
> | > MoinMoin/config/__init__.py
> | >
> | > from this list, at least git, imap, imaps, caldav and nntps are
> | > missing leading to wrongly formatted URLs.
> |
> | I checked on my system (see proto.html). And none of those url schemes are
> | supported by Debian Gnome default setup (DebianTesting). Therefore, I
> | wonder if those schemes are good candidates for inclusion.
>
> It means you can't add git urls that are copy paste-able, for instance,
> something which is quite unfortunate and there is no way for me to
> change that.
I am not sure to understand what you want.
It is certainly possible to change the behavior, if it is safe.
If I were you, I would use curly brackets, like for all code samples:
-----
Git repository:
{{{
git://foo
}}}
-----
Or the in-line form:
-----
Git repository: {{{git://foo}}}
----
> | Since upstream documents how to achieve your goal for specific needs (see
> | below), I am closing this bug. If you believe it could be useful for most
> | users, we could file a feature request[1] upstream, and
> | elaborate there.
>
> [...]
>
> | Note: the proper way to achieve this in Debian would be to add a patch and
> | recompile the package (because
> | the /usr/share/pyshared/MoinMoin/config/__init__.py isn't a
> | configuration file).
>
> And lose out on security updates? No thanks.
>
> I find it quite disconcerning that the what upstream considers
> configuration isn't shipped in /etc and marked as configuration files in
> the package, though.
You should blame us, the Debian package maintainer, not upstream:
Upstream provide a tarball that is meant to be decompressed (typically
in /srv/foo).
Adding a protocol has important security implication:
- disclosing credential
- DoS attacks (locking accounts...)
- cross site scripting attacks
etc.
The main problem is that wikis are usually public, so anyone can add
arbitrary link.
> I believe this is a release critical bug, but I'd
> appreciate your input on it before filing it.
MoinMoin/config/__init__.py is not a configuration file, but the
"source" code, that needs to be modified before compilation.
(I understand that you are reluctant to do so, for security reason).
So what is/are the protocol(s) that you want/need? then we'll have to
figure out (your help is welcome):
- Does Debian or Windows or MacOS handle it? (with a popular tool)
- Are those URL scheme documented
- Are there security issues
regards,
Franklin
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
