dglassey at gmail.com
Sat Jan 24 18:09:49 UTC 2009
On Fri, Jan 23, 2009 at 4:54 PM, Jonathan Marsden <jmarsden at fastmail.fm> wrote:
> Peter von Kaehne wrote:
>> 1) Diatheke - we should rebadge the CGI scripts as "examples" or remove
>> them due to the security issues associated with them.
> This is pretty simple to do, either at package build time or (of course)
> it can be done in the original upstream code if Crosswire as a whole
> agrees with the idea.
The installation is currently done in the debian/diatheke.install file
After previous security issues with diatheke (CVE-2008-0932 and
CAN-2005-0015) it shouldn't be
easy to install without knowing what you are doing.But at the same
time e.g. it may be useful functionality to create a quick and simple
intranet bible site.
So a way to do that install the cgi scripts to
/usr/share/doc/diatheke/examples. Create a README.Debian for diatheke
that strongly recommends installing the cgi scripts on a public
webserver and also describes how to install the scripts if you really
want to go ahead.
Anyone for creating the README.Debian or other suggestions?
More information about the Pkg-crosswire-devel