Le mercredi 24 mars 2010 à 13:04 +0100, Benoit Hamet a écrit : > Hi Olivier, > Hi All, > > Olivier Berger a écrit : > > Hi. > > > > I'm worried as the "official" current Debian maintainer of phpgroupware. > > > > There have been quite a few security issues found in phpgroupware, that > > have been "fixed" by applying patches in the Debian package, which were > > never formally officially "managed" by the phpgroupware project in a > > sensible way. You may find a list of the most worrying ones in : > > http://security-tracker.debian.org/tracker/source-package/phpgroupware > > Problems have mostly been addressed by direct email contact with a few > > of you, but that ain't sustainable iMHO. > The release is already done. the 0.9.014 is available since some days > now but not yet officially announced on the main web site. I'm writing > the announcement atm. I hope to publish it at the end of the day. >
OK, excellent news. > > > > > Even though there are patches floating around, you aren't managing them > > through the bugtracker, nor releasing updated archives for the project. > > I don't know what your habits are, but for me, the bugracker is the main > > interface between a project and its users / packagers... failing to > > properly manage the tickets in the tracker is as important as failing to > > commit in the SVN. > The patches are commited in the svn. They were not published on the > official track manager due to lack of time. I know this is bad practice, > but we've got some man power problem. > OK... not dead, but barely breathing ;) > That's a long time discussed problem. Either try to maintain a mostly > dead code that will not be supporting > php5.2 (AFAIK this should be the > next php version in Debian isn't it ?), or try to move on with a new > code, supporting >= php 5.2. > Can you point me to some more details about incompatibility with PHP 5.3 ? Because that would indeed be a show stopper for next stable (squeeze), I think. > Having 0.9.16 in the next stable debian is not a solution for me. First > argument in mind is the php version that will not be supported by this > old code base ... So until "nextgen" is released, I don't see how to > push for a debian package of phpgroupware ... AFAIK Gentoo is(was ?) > packaging phpgroupware too. OK... then there may be unofficial packages still... > > > > I may as well pass the maintainer responsability to someone else, as I > > may be too picky... but I honestly think there's a problem here that > > needs to be addressed, and getting away from it won't really help. > Welcome as a developper of nexgen :). No thanks, enough to do with FusionForge, Mantis, and other desperate PHP projects ;) Thanks for the quick response. Best regards, -- Olivier BERGER <[email protected]> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingénieur Recherche - Dept INF Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France) _______________________________________________ phpGroupWare-developers mailing list [email protected] http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
