On Tue, Jun 16, 2009 at 1:47 PM, Ville-Pekka Vainio<[email protected]> wrote: > Hi, > > I recently took over as the maintainer of the moin package in Fedora and > EPEL. It's my first EPEL package. I've been able to handle the Fedora > side quite well but, to be honest, I'm in a bit of trouble with the EPEL > packages. The thing is, the package has been practically unmaintained > for a year now and I'm quite certain there are security issues with it > (I'd rather not disclose the possible vulnerabilities on a public > mailing list). > > The moin version in EPEL is 1.5.9 and upstream has abandoned the 1.5 > series completely. From what I've read on mailing lists, IRC and the > Moin documentation, the migration from 1.5 to 1.6 or later can be quite > painful. IIRC the Fedora infrastructure team were testing it before > switching to Mediawiki and they had all kinds of problems with it as > well. This is why I'd rather not submit an update to 1.8, which is the > current stable branch, in EL-4 or EL-5.
I had looked at this a while ago. My strategy looked to be to create a moin15, moin16 etc that would replace the older versions (moin-1.5 etc) since upgrades from 1.5 to 1.8 were uhm painful (I know I did it a couple of times). This would allow for 2 things. 1) put people with older moins on a stable RPM that wouldn't break production websites. 2) allow for us to within 1-2 release cycles end support for these moin packages. People who wanted to upgrade could then work out the steps themselves as its not always easy. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" _______________________________________________ epel-devel-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/epel-devel-list
