[pkg-horde] Dropping horde2
Lionel Elie Mamane
lionel at mamane.lu
Mon Jan 30 08:01:58 UTC 2006
On Mon, Jan 30, 2006 at 06:53:11AM +0100, Ola Lundqvist wrote:
> On Sun, Jan 29, 2006 at 09:33:12PM +0100, Lionel Elie Mamane wrote:
>> On Sun, Jan 29, 2006 at 06:15:23PM +0000, Neil McGovern wrote:
>>> kronolith seems to be fairly badly coded wrt security issues
>>> though. I'd suggest depreciating kronolith1 and forcing people on
>>> to kronolith2, whcih although only a little better, is actually
>>> supported upstream.
>> The problem is that kronolith2 depends on version 3 of the horde
>> framework (rather than version 2), that the two versions of horde
>> cannot meaningfully cooperate and there are still some horde2
>> applications that have not been ported to horde3. Basically,
>> upstream has abandoned horde2 before they ported all their OWN code
>> to horde3.
>> So dropping horde2 is a regression, which explains why we haven't
>> done it yet. But I'm toying with the idea, as we cannot
>> meaningfully support it anyway. Ola, your opinion?
> If kronolith1 (named kronolith) can not be fixed, and is not
> supported at all by upstream I think we should drop it.
I was talking about dropping horde2 and all the apps for it. None of
them is supported upstream, are they? Hmmm... Now I see that they
security-updated Horde2 (November 2005), but none of the apps. I'm
confused. Do we have a statement by them on the extent they *do*
support it or not? If not, maybe we should just straight ask them?
I propose:
1) If upstream commits to security support the horde2 suite for the
etch timeframe, we keep it.
2) If upstream has completely dropped support (even security) for
horde2 and its apps, drop them.
--
Lionel
More information about the pkg-horde-hackers
mailing list