Hi. I'm worried as the "official" current Debian maintainer of phpgroupware.
There have been quite a few security issues found in phpgroupware, that have been "fixed" by applying patches in the Debian package, which were never formally officially "managed" by the phpgroupware project in a sensible way. You may find a list of the most worrying ones in : http://security-tracker.debian.org/tracker/source-package/phpgroupware Problems have mostly been addressed by direct email contact with a few of you, but that ain't sustainable iMHO. Even though there are patches floating around, you aren't managing them through the bugtracker, nor releasing updated archives for the project. I don't know what your habits are, but for me, the bugracker is the main interface between a project and its users / packagers... failing to properly manage the tickets in the tracker is as important as failing to commit in the SVN. A few other problems are tracked there as "being fixed in 0.9.18 branch"... and it's really questionable if there will ever be a release some day. The latest one I've had a look at is the IP V6 support one : http://savannah.gnu.org/bugs/index.php?func=detailitem&item_id=13796 (my interest triggered by : http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;bug=317437 ) I think it's great to prepare the next version, but it's even better to be able to care for the current one. I'm currently considering declaring phpgroupware unmaintained, and pulling it out of Debian, as it is not really safe in my opinion, to commit on maintaining such a package in the next stable Debian, that is supposed to be maintained for a couple years from now. I'm sorry, but it seems that it's the best decision IMHO, to be honest with users that depend on such packaging (although it's not obvious there are so many of them). I don't know if other distributions are still packaging phpgroupware and what they think... :-/ Any comments ? I may as well pass the maintainer responsability to someone else, as I may be too picky... but I honestly think there's a problem here that needs to be addressed, and getting away from it won't really help. Best regards, -- Olivier BERGER <[email protected]> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
signature.asc
Description: Ceci est une partie de message numériquement signée
_______________________________________________ phpGroupWare-developers mailing list [email protected] http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
