[Secure-testing-team] Bug#645231: trac: python upgrade leads to inaccessible jquery.js

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 13 19:22:35 UTC 2011


On 10/13/2011 02:24 PM, Jakub Wilk wrote:
> * Daniel Kahn Gillmor <dkg at fifthhorseman.net>, 2011-10-13, 13:38:
>> Thanks for packaging trac for debian, and for relying on the system
>> copy of jquery rather than on an embedded code copy.
> 
> Then you probably won't be happy to find out that the version in sid
> uses the embedded copy.

hmm, the changelog says:

  * Drop 15_remove_jquery_file.dpatch because Trac requires a specific
    version of jQuery (Closes: #592734, #610557) (LP: #526810, #610205).

If a specific version is required, the trac debian package should have
an explicit versioned dependency.  Embedding a copy of another software
package is bad news from a security and maintenance perspective.

I'm CC'ing the folks tracking embedded code copies [0] here so they're
aware of this new issue.

Regards,

	--dkg

[0] https://wiki.debian.org/EmbeddedCodeCopies
