[Secure-testing-team] sql-ledger in testing

Chris Travers chris at metatrontech.com
Mon Oct 22 22:20:42 UTC 2007


Hi.  I am not a subscriber of this list but I wanted to provide some 
accurate information about SQL-Ledger and LedgerSMB, including migration 
issues and the like.  I am a core developer of LedgerSMB and I would 
encourage people to write to me with any further questions.  While I 
would discourage the use of SQL-Ledger because of security issues which 
are not trivial to fix, I would also suggest that the decision to 
deprecate a package should be made based on accurate information.

LedgerSMB broke away from SQL-Ledger around 2.6.15.  There have been no 
database changes in SQL-Ledger 2.6.x since we broke off and so we can 
assume that migration from any version of SQL-Ledger 2.6 will be similar.

LedgerSMB and SQL-Ledger have different policies relating to database 
changes and the like.  SQL-Ledger does not seem to have much of a policy 
per se (database changes can happen at any time) while LedgerSMB only 
makes such changes between branches (1.0 vs 1.1 vs 1.2, etc).  We 
provide migration scripts from SQL-Ledger 2.6.x to LSMB 1.0, from LSMB 
1.0 to 1.1, etc so in theory there shouldn't be any problems.

However, a few people do run into a few sorts of problems relating to our 
database changes.  Basically we enforce data integrity to a much greater 
extent and so some people have trouble migrating because their data is 
already messed up.  This usually occurs because of custom modifications, 
poor configuration of SQL-Ledger, etc.  These issues are rare and when 
they occur they are usually a symptom of a deeper problem that should be 
fixed as soon as possible.

The second area people occasionally run into problems involves deployment 
scenarios which are at odds with our security infrastructure.  For 
example, we require a single username to be used by a single user at one 
time.

Any other migration issues should be reported as bugs.

If there is a lot of interest from you folks about packaging LedgerSMB, 
let me know and I would be glad to provide whatever assistance I am 
able.  I know that one other core developer already releases .deb 
packages frequently, though not all releases have Debian packages to 
date.  I am sure we would be able to help ensure that the software could 
meet your needs both individually and collectively.

Best Wishes,
Chris Travers