[Pkg-crosswire-devel] Diatheke

Daniel Glassey dglassey at gmail.com
Sat Jan 24 18:09:49 UTC 2009


On Fri, Jan 23, 2009 at 4:54 PM, Jonathan Marsden <jmarsden at fastmail.fm> wrote:
> Peter von Kaehne wrote:
>
>> 1) Diatheke - we should rebadge the CGI scripts as "examples" or remove
>> them due to the security issues associated with them.
>
> This is pretty simple to do, either at package build time or (of course)
> it can be done in the original upstream code if Crosswire as a whole
> agrees with the idea.

The installation is currently done in the debian/diatheke.install file

After previous security issues with diatheke (CVE-2008-0932 and
CAN-2005-0015) it shouldn't be
easy to install without knowing what you are doing.But at the same
time e.g. it may be useful functionality to create a quick and simple
intranet bible site.

So a way to do that install the cgi scripts to
/usr/share/doc/diatheke/examples. Create a README.Debian for diatheke
that strongly recommends installing the cgi scripts on a public
webserver and also describes how to install the scripts if you really
want to go ahead.

Anyone for creating the README.Debian or other suggestions?

Regards,
Daniel



More information about the Pkg-crosswire-devel mailing list