[Pkg-roundcube-maintainers] DFSG suffix and SWF files
Vincent Bernat
bernat at debian.org
Sat Oct 17 18:30:32 UTC 2015
❦ 17 octobre 2015 19:41 +0200, Guilhem Moulin <guilhem at guilhem.org> :
> A new upstream release (1.1.3) has been available for a little while,
> and I thought I would try to package it this week-end ;-) I've got one
> blocker and two questions though:
That would be great. :)
>
> 1/ I thought the ‘dfsg’ suffix was added due to upstream shipping
> .swf files with TinyMCE. However ‘moxieplayer.swf’ is still
> included in the roundcube-core package [0]. And even stranger,
> upstream changelog for 0.7 says “TinyMCE security issue: removed
> moxieplayer (embedding flv and mp4 is not supported anymore)”.
> Could anyone enlighten me here? Should we get rid of
> moxieplayer.swf as well? Is there anything else justifying the
> presence of the ‘dfsg’ suffix?
The .swf is coming back either because we started using the embedded
TinyMCE or just because I forgot to exclude it in debian/copyright. But,
yes, it should be removed again. I suppose that upstream reintroduced
the SWF by accident too.
> 2/ Has anyone tried to convince upstream to cryptographically sign
> their release? (If not I'll drop them a line.)
Not tried. Upstream is helpful (we don't interact much but they did make
the "GPL" release for us).
> 3/ Is there a policy for inclusion in roundcube-plugins-extra (which I
> forgot to backport — oops :-/)? I'm thinking of adding
> kolab/calendar [1] (AGPLv3).
There is none. You can include with you think is useful.
--
Grief can take care of itself; but to get the full value of a joy you must
have somebody to divide it with.
-- Mark Twain
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20151017/be132541/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list