Debian Bug report logs - #625865
RFP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Chris Warburton <chriswarbo@googlemail.com>

Date: Fri, 6 May 2011 13:03:05 UTC

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, debian-devel@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 13:03:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chris Warburton <chriswarbo@googlemail.com>:
New Bug report received and forwarded. Copy sent to debian-devel@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 13:03:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Chris Warburton <chriswarbo@googlemail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 12:56:21 +0000
Package: wnpp
Severity: wishlist
Owner: Chris Warburton <chriswarbo@gmail.com>


* Package name    : ocportal
  Version         : 6.1.1
  Upstream Author : Chris Graham <chris@ocproducts.com>
* URL             : http://www.ocportal.com
* License         : CPAL
  Programming Lang: PHP
  Description     : ocPortal is a Content Management System for building and maintaining a dynamic website

ocPortal is a Content Management System (CMS), which acts as the "engine" to run sophisticated,
dynamic Web sites. ocPortal attempts to include as much functionality as possible "out of the
box", with options to disable unwanted modules after installation. An emphasis is placed on
ease of use, with built-in GUIs for all common requirements, whilst reprogramming is supported
through a system of file overrides.

ocPortal sites can host content of various types including news, member blogs, events,
galleries (images, video, audio, Flash), file downloads and user-defined "catalogue" data. Many
modules are included for dynamic features such as forums, chat rooms, Wikis, commenting, rating,
awards, trackbacks, polls, quizzes, ecommerce (products sales and usergroup subscription) and a
'points' system for rewarding contributors. Content can be made available in multiple languages
and will be automatically analysed for Search Engine Optimisation.

Powerful administration tools are available, including banner networks, a comprehensive admin
zone with check lists and reminders, email newsletters (including automatic "What's new?"
issues), site statistics, hacking detection and alerts, backups, theming tools and a powerful
commandline environment.

ocPortal is written in PHP, XHTML and Javascript and conforms to Web and Accessibility standards.
Custom languages are included for theming/templating (Tempcode) and markup (Comcode), the latter
being inspired by the "BBCode" language found on many forums. ocPortal includes its own forum,
called OCF, but can also integrate or import many third-party forums and CMSs. There is currently
at least some support for: AEF, Burning Board, IPB, Joomla, MKPortal, MyBB, phpBB, phpNuke, SMF,
static HTML, vB, Wordpress and WowBB.

ocPortal requires PHP 4.2+ or HipHop, MySQL and a Web server such as Apache. ocPortal
development is supported by ocProducts Ltd.




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 13:45:48 GMT) Full text and rfc822 format available.

Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 13:45:50 GMT) Full text and rfc822 format available.

Message #10 received at 625865@bugs.debian.org (full text, mbox):

From: Scott Kitterman <debian@kitterman.com>
To: debian-devel@lists.debian.org, Chris Warburton <chriswarbo@googlemail.com>, 625865@bugs.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 6 May 2011 09:11:08 -0400
On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
>   Programming Lang: PHP
>   Description     : ocPortal is a Content Management System for building
> and maintaining a dynamic website

How many content management systems written in php does Debian need?

Scott K




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 13:45:53 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 13:45:53 GMT) Full text and rfc822 format available.

Message #15 received at 625865@bugs.debian.org (full text, mbox):

From: Josselin Mouette <joss@debian.org>
To: 625865@bugs.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 15:16:58 +0200
Le vendredi 06 mai 2011 à 09:11 -0400, Scott Kitterman a écrit : 
> On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> >   Programming Lang: PHP
> >   Description     : ocPortal is a Content Management System for building
> > and maintaining a dynamic website
> 
> How many content management systems written in php does Debian need?

How about zero?

-- 
Joss





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 13:51:21 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tshepang Lekhonkhobe <tshepang@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 13:51:21 GMT) Full text and rfc822 format available.

Message #20 received at 625865@bugs.debian.org (full text, mbox):

From: Tshepang Lekhonkhobe <tshepang@gmail.com>
To: Josselin Mouette <joss@debian.org>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 15:49:45 +0200
On Fri, 2011-05-06 at 15:16 +0200, Josselin Mouette wrote:
> Le vendredi 06 mai 2011 à 09:11 -0400, Scott Kitterman a écrit : 
> > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > >   Programming Lang: PHP
> > >   Description     : ocPortal is a Content Management System for building
> > > and maintaining a dynamic website
> > 
> > How many content management systems written in php does Debian need?
> 
> How about zero?

What's up with the hate? It's always convenient to have a package in
Debian, instead of hunting for it upstream. If it rots in Debian, then
it can easily be removed again (or left in Unstable).





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 14:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Armstrong <synrg@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 14:33:03 GMT) Full text and rfc822 format available.

Message #25 received at 625865@bugs.debian.org (full text, mbox):

From: Ben Armstrong <synrg@debian.org>
To: Tshepang Lekhonkhobe <tshepang@gmail.com>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 11:00:44 -0300
On 05/06/2011 10:49 AM, Tshepang Lekhonkhobe wrote:
> What's up with the hate? It's always convenient to have a package in
> Debian, instead of hunting for it upstream. If it rots in Debian, then
> it can easily be removed again (or left in Unstable).

Wrong. Every additional package costs the whole Debian project in
numerous ways. That's why we have these discussions up front on all
ITPs, so objections can be voiced.

Ben




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 14:33:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chris Warburton <chriswarbo@googlemail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 14:33:05 GMT) Full text and rfc822 format available.

Message #30 received at 625865@bugs.debian.org (full text, mbox):

From: Chris Warburton <chriswarbo@googlemail.com>
To: Scott Kitterman <debian@kitterman.com>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 15:29:03 +0100
On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> >   Programming Lang: PHP
> >   Description     : ocPortal is a Content Management System for building
> > and maintaining a dynamic website
> 
> How many content management systems written in php does Debian need?
> 
> Scott K
About the same as the number of C window managers? ;)
You have a valid point, so I've had a quick attempt to justify this. A
quick package search for "cms" and "content management" in all suites
gives 8 distinct, self-described CMS systems in Debian. 5 of these are
written in PHP.

For those which have entries, I've compared them on cmsmatrix.org and
the most impressive entry is WebGUI, which is made in Perl. However, the
(somewhat arbitrary) cmsmatrix feature count is still +4 in favour of
ocPortal. Also, for those who are into it, ocPortal is under the
Affero-style CPAL license, which is the reason I got involved in the
project.

Thanks,
Chris Warburton





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 15:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tshepang Lekhonkhobe <tshepang@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 15:18:03 GMT) Full text and rfc822 format available.

Message #35 received at 625865@bugs.debian.org (full text, mbox):

From: Tshepang Lekhonkhobe <tshepang@gmail.com>
To: Ben Armstrong <synrg@debian.org>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 17:14:41 +0200
On Fri, 2011-05-06 at 11:00 -0300, Ben Armstrong wrote:
> On 05/06/2011 10:49 AM, Tshepang Lekhonkhobe wrote:
> > What's up with the hate? It's always convenient to have a package in
> > Debian, instead of hunting for it upstream. If it rots in Debian, then
> > it can easily be removed again (or left in Unstable).
> 
> Wrong. Every additional package costs the whole Debian project in
> numerous ways. That's why we have these discussions up front on all
> ITPs, so objections can be voiced.

Q: How many content management systems written in php does Debian need?
A: How about zero?

Not exactly helpful.

That was before discussing if the guy filling the ITP mentioned his
readiness to respond to any RC bugs.





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 15:27:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tshepang Lekhonkhobe <tshepang@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 15:27:03 GMT) Full text and rfc822 format available.

Message #40 received at 625865@bugs.debian.org (full text, mbox):

From: Tshepang Lekhonkhobe <tshepang@gmail.com>
To: Scott Kitterman <debian@kitterman.com>
Cc: debian-devel@lists.debian.org, Chris Warburton <chriswarbo@googlemail.com>, 625865@bugs.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 17:23:50 +0200
On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> >   Programming Lang: PHP
> >   Description     : ocPortal is a Content Management System for building
> > and maintaining a dynamic website
> 
> How many content management systems written in php does Debian need?

It's not kool that you didn't even ask about how good it is. Maybe it's
better than whatever exists in Debian currently, have you checked? My
point is your question isn't helpful. It smacks of flaming.






Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 15:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 15:33:06 GMT) Full text and rfc822 format available.

Message #45 received at 625865@bugs.debian.org (full text, mbox):

From: Scott Kitterman <debian@kitterman.com>
To: debian-devel@lists.debian.org
Cc: 625865@bugs.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 6 May 2011 11:29:34 -0400
On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
> On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > >   Programming Lang: PHP
> > >   Description     : ocPortal is a Content Management System for
> > >   building
> > > 
> > > and maintaining a dynamic website
> > 
> > How many content management systems written in php does Debian need?
> 
> It's not kool that you didn't even ask about how good it is. Maybe it's
> better than whatever exists in Debian currently, have you checked? My
> point is your question isn't helpful. It smacks of flaming.

The question I should have asked is what is it's security record like.  This 
is an area that's rife with applications that have 'poor' security records.  
Adding more to that pile would be an unfortunate burden on the security team.  
That's probably the most significant of the project wide costs adding a package 
like this brings with it.

Scott K




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 15:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chris Warburton <chriswarbo@googlemail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 15:39:06 GMT) Full text and rfc822 format available.

Message #50 received at 625865@bugs.debian.org (full text, mbox):

From: Chris Warburton <chriswarbo@googlemail.com>
To: Tshepang Lekhonkhobe <tshepang@gmail.com>, 625865@bugs.debian.org
Cc: Ben Armstrong <synrg@debian.org>, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 16:34:37 +0100
On Fri, 2011-05-06 at 17:14 +0200, Tshepang Lekhonkhobe wrote:
> On Fri, 2011-05-06 at 11:00 -0300, Ben Armstrong wrote:
> > On 05/06/2011 10:49 AM, Tshepang Lekhonkhobe wrote:
> > > What's up with the hate? It's always convenient to have a package in
> > > Debian, instead of hunting for it upstream. If it rots in Debian, then
> > > it can easily be removed again (or left in Unstable).
> > 
> > Wrong. Every additional package costs the whole Debian project in
> > numerous ways. That's why we have these discussions up front on all
> > ITPs, so objections can be voiced.
> 
> Q: How many content management systems written in php does Debian need?
> A: How about zero?
> 
> Not exactly helpful.
> 
> That was before discussing if the guy filling the ITP mentioned his
> readiness to respond to any RC bugs.
> 
I should probably point out that I am an upstream ocPortal developer, so
I should be as capable as anyone in fixing technical bugs, and as a
long-time Debian user I don't count Debian bugs as any less important
than core ocPortal bugs.
With this said, I'm obviously incapable of some things. As an example,
ocPortal uses "swfupload" which may require me to wait on ITP bug
#609110, although I don't mind taking over its packaging if its activity
has ceased (I'm not familiar with the protocol for handling such cases).

Thanks,
Chris Waburton





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 15:51:12 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tshepang Lekhonkhobe <tshepang@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 15:51:12 GMT) Full text and rfc822 format available.

Message #55 received at 625865@bugs.debian.org (full text, mbox):

From: Tshepang Lekhonkhobe <tshepang@gmail.com>
To: Scott Kitterman <debian@kitterman.com>
Cc: debian-devel@lists.debian.org, 625865@bugs.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 17:50:06 +0200
On Fri, 2011-05-06 at 11:29 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
> > On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> > > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > > >   Programming Lang: PHP
> > > >   Description     : ocPortal is a Content Management System for
> > > >   building
> > > > 
> > > > and maintaining a dynamic website
> > > 
> > > How many content management systems written in php does Debian need?
> > 
> > It's not kool that you didn't even ask about how good it is. Maybe it's
> > better than whatever exists in Debian currently, have you checked? My
> > point is your question isn't helpful. It smacks of flaming.
> 
> The question I should have asked is what is it's security record like.  This 
> is an area that's rife with applications that have 'poor' security records.  
> Adding more to that pile would be an unfortunate burden on the security team.  
> That's probably the most significant of the project wide costs adding a package 
> like this brings with it.

Thanks for putting your objection in a more readable/friendly form.






Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 16:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chris Warburton <chriswarbo@googlemail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 16:03:03 GMT) Full text and rfc822 format available.

Message #60 received at 625865@bugs.debian.org (full text, mbox):

From: Chris Warburton <chriswarbo@googlemail.com>
To: Scott Kitterman <debian@kitterman.com>, 625865@bugs.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 16:56:09 +0100
On Fri, 2011-05-06 at 11:29 -0400, Scott Kitterman wrote:
> On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
> > On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
> > > On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
> > > >   Programming Lang: PHP
> > > >   Description     : ocPortal is a Content Management System for
> > > >   building
> > > > 
> > > > and maintaining a dynamic website
> > > 
> > > How many content management systems written in php does Debian need?
> > 
> > It's not kool that you didn't even ask about how good it is. Maybe it's
> > better than whatever exists in Debian currently, have you checked? My
> > point is your question isn't helpful. It smacks of flaming.
> 
> The question I should have asked is what is it's security record like.  This 
> is an area that's rife with applications that have 'poor' security records.  
> Adding more to that pile would be an unfortunate burden on the security team.  
> That's probably the most significant of the project wide costs adding a package 
> like this brings with it.
> 
> Scott K

Hi Scott. ocPortal isn't massively widespread compared to other systems,
so there's obviously less experimental proof of security. We had a
security hole a few years ago; this was before I got involved, but
there's details here http://en.wikipedia.org/wiki/OcPortal#Criticisms

Official ocPortal releases are managed by ocProducts, a company set up
around ocPortal (and who pay my salary), and we have a clear security
policy which can be found here
http://ocportal.com/site/maintenance.htm .

We also regularly run static code analysis tools on the codebase and we
test every release with a hacked PHP runtime that 1) triggers errors if
strings are not explicitly sanitised before going through eval, getting
echoed to a browser or being entered into a database, and 2) enforces a
type system on variables and function calls (based on type signatures
written into the PHPdoc of every function), and raises an error if there
is a type mismatch. I actually run this hacked PHP on my system in place
of the distro's own.

If there are specific security concerns I'd be happy to address them.

Thanks,
Chris Warburton





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 16:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ben Armstrong <synrg@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 16:27:04 GMT) Full text and rfc822 format available.

Message #65 received at 625865@bugs.debian.org (full text, mbox):

From: Ben Armstrong <synrg@debian.org>
To: Tshepang Lekhonkhobe <tshepang@gmail.com>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 13:24:33 -0300
On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> Q: How many content management systems written in php does Debian need?
> A: How about zero?
> 
> Not exactly helpful.

When developers are passionately opposed to a particular technology (and
not without reason here, I think,) they can be a bit blunt in expressing
it. The list of these goes on and on ... and while I certainly would be
more polite myself about expressing reservations about adding any more,
I'm not going to fault others for expressing their dissent. The way you
expressed your support seemed to me to gloss over the real cost of
adding a new package to the archive without any coherent argument as to
why this particular one was going to be no trouble at all (and/or worth
the trouble because it's so special).

Ben




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 16:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tshepang Lekhonkhobe <tshepang@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 16:45:05 GMT) Full text and rfc822 format available.

Message #70 received at 625865@bugs.debian.org (full text, mbox):

From: Tshepang Lekhonkhobe <tshepang@gmail.com>
To: Ben Armstrong <synrg@debian.org>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 18:39:26 +0200
On Fri, 2011-05-06 at 13:24 -0300, Ben Armstrong wrote:
> On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> > Q: How many content management systems written in php does Debian need?
> > A: How about zero?
> > 
> > Not exactly helpful.
> 
> When developers are passionately opposed to a particular technology (and
> not without reason here, I think,) they can be a bit blunt in expressing
> it. The list of these goes on and on ... and while I certainly would be
> more polite myself about expressing reservations about adding any more,
> I'm not going to fault others for expressing their dissent. The way you
> expressed your support seemed to me to gloss over the real cost of
> adding a new package to the archive without any coherent argument as to
> why this particular one was going to be no trouble at all (and/or worth
> the trouble because it's so special).

Strange that you read 'support' into my responses. Actually I have never
even heard of the proposed package, but that's not the point. I even
mentioned that if the package sucketh (if the guy proposing it proves
unreliable), then it can either remain in Unstable or be removed.

You don't just blatantly oppose Debian inclusion without mentioning why.
The great Josselin Mouette (yes, I really respect this guy for his
tireless GNOME maintenance) just did that, and the rest of us are
supposed to magically possess the history of PHP in Debian, and laugh it
off.

And no, you should fault others for expressing their dissent in this
unproductive manner.





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 17:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to George Danchev <danchev@spnet.net>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 17:15:05 GMT) Full text and rfc822 format available.

Message #75 received at 625865@bugs.debian.org (full text, mbox):

From: George Danchev <danchev@spnet.net>
To: debian-devel@lists.debian.org
Cc: Tshepang Lekhonkhobe <tshepang@gmail.com>, Ben Armstrong <synrg@debian.org>, 625865@bugs.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 6 May 2011 20:03:43 +0300
On Friday 06 May 2011 19:39:26 Tshepang Lekhonkhobe wrote:
> On Fri, 2011-05-06 at 13:24 -0300, Ben Armstrong wrote:
> > On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> > > Q: How many content management systems written in php does Debian need?
> > > A: How about zero?
> > > 
> > > Not exactly helpful.
> > 
> > When developers are passionately opposed to a particular technology (and
> > not without reason here, I think,) they can be a bit blunt in expressing
> > it. The list of these goes on and on ... and while I certainly would be
> > more polite myself about expressing reservations about adding any more,
> > I'm not going to fault others for expressing their dissent. The way you
> > expressed your support seemed to me to gloss over the real cost of
> > adding a new package to the archive without any coherent argument as to
> > why this particular one was going to be no trouble at all (and/or worth
> > the trouble because it's so special).
> 
> Strange that you read 'support' into my responses. Actually I have never
> even heard of the proposed package, but that's not the point. I even
> mentioned that if the package sucketh (if the guy proposing it proves
> unreliable), then it can either remain in Unstable or be removed.

Upload to 'unstable' and see how it goes could be quite suboptimal tactics 
most of the time. I'm not talking about that particular package, but not every 
package which flies in the free software skies deserves to be in Debian archive 
in my own opinion. Inclusions costs human time.

> You don't just blatantly oppose Debian inclusion without mentioning why.
> The great Josselin Mouette (yes, I really respect this guy for his
> tireless GNOME maintenance) just did that, and the rest of us are
> supposed to magically possess the history of PHP in Debian, and laugh it
> off.
> 
> And no, you should fault others for expressing their dissent in this
> unproductive manner.

Well, maybe if you look at that from a different angle, you can find it 
productive as in: don't spend your time packaging that particular one, as 
chances are very low for upload.

-- 
pub 4096R/0E4BD0AB <people.fccf.net/danchev/key pgp.mit.edu>




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 17:33:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Tshepang Lekhonkhobe <tshepang@gmail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 17:33:08 GMT) Full text and rfc822 format available.

Message #80 received at 625865@bugs.debian.org (full text, mbox):

From: Tshepang Lekhonkhobe <tshepang@gmail.com>
To: George Danchev <danchev@spnet.net>
Cc: debian-devel@lists.debian.org, Ben Armstrong <synrg@debian.org>, 625865@bugs.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 06 May 2011 19:30:32 +0200
On Fri, 2011-05-06 at 20:03 +0300, George Danchev wrote:
> On Friday 06 May 2011 19:39:26 Tshepang Lekhonkhobe wrote:
> > On Fri, 2011-05-06 at 13:24 -0300, Ben Armstrong wrote:
> > > On 05/06/2011 12:14 PM, Tshepang Lekhonkhobe wrote:
> > > > Q: How many content management systems written in php does Debian need?
> > > > A: How about zero?
> > > > 
> > > > Not exactly helpful.
> > > 
> > > When developers are passionately opposed to a particular technology (and
> > > not without reason here, I think,) they can be a bit blunt in expressing
> > > it. The list of these goes on and on ... and while I certainly would be
> > > more polite myself about expressing reservations about adding any more,
> > > I'm not going to fault others for expressing their dissent. The way you
> > > expressed your support seemed to me to gloss over the real cost of
> > > adding a new package to the archive without any coherent argument as to
> > > why this particular one was going to be no trouble at all (and/or worth
> > > the trouble because it's so special).
> > 
> > Strange that you read 'support' into my responses. Actually I have never
> > even heard of the proposed package, but that's not the point. I even
> > mentioned that if the package sucketh (if the guy proposing it proves
> > unreliable), then it can either remain in Unstable or be removed.
> 
> Upload to 'unstable' and see how it goes could be quite suboptimal tactics 
> most of the time. I'm not talking about that particular package, but not every 
> package which flies in the free software skies deserves to be in Debian archive 
> in my own opinion. Inclusions costs human time.

I am not opposed to this. But again, that was not the point. Point was
automatic 'should not be in Debian' without giving reasons. And if
maintainer is willing to be on top of things, what extra work is there
for anyone, except those handling NEW?

> > You don't just blatantly oppose Debian inclusion without mentioning why.
> > The great Josselin Mouette (yes, I really respect this guy for his
> > tireless GNOME maintenance) just did that, and the rest of us are
> > supposed to magically possess the history of PHP in Debian, and laugh it
> > off.
> > 
> > And no, you should fault others for expressing their dissent in this
> > unproductive manner.
> 
> Well, maybe if you look at that from a different angle, you can find it 
> productive as in: don't spend your time packaging that particular one, as 
> chances are very low for upload.

I don't understand what you are saying here. My point was the manner in
which the response was made. I used the word 'productive' because the
guy wasn't saying why he was objecting to this particular package.





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Fri, 06 May 2011 21:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Henrique de Moraes Holschuh <hmh@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Fri, 06 May 2011 21:15:03 GMT) Full text and rfc822 format available.

Message #85 received at 625865@bugs.debian.org (full text, mbox):

From: Henrique de Moraes Holschuh <hmh@debian.org>
To: Chris Warburton <chriswarbo@googlemail.com>
Cc: Scott Kitterman <debian@kitterman.com>, 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Fri, 6 May 2011 18:11:21 -0300
On Fri, 06 May 2011, Chris Warburton wrote:
> Hi Scott. ocPortal isn't massively widespread compared to other systems,
> so there's obviously less experimental proof of security. We had a
> security hole a few years ago; this was before I got involved, but
> there's details here http://en.wikipedia.org/wiki/OcPortal#Criticisms
> 
> Official ocPortal releases are managed by ocProducts, a company set up
> around ocPortal (and who pay my salary), and we have a clear security
> policy which can be found here
> http://ocportal.com/site/maintenance.htm .
> 
> We also regularly run static code analysis tools on the codebase and we
> test every release with a hacked PHP runtime that 1) triggers errors if
> strings are not explicitly sanitised before going through eval, getting
> echoed to a browser or being entered into a database, and 2) enforces a
> type system on variables and function calls (based on type signatures
> written into the PHPdoc of every function), and raises an error if there
> is a type mismatch. I actually run this hacked PHP on my system in place
> of the distro's own.
> 
> If there are specific security concerns I'd be happy to address them.

This is a better security policy than most PHP packages we have in the
archive.

That alone is grounds enough to allow ocportal in IMO.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Sat, 07 May 2011 18:24:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Asheesh Laroia <asheesh@asheesh.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Sat, 07 May 2011 18:24:05 GMT) Full text and rfc822 format available.

Message #90 received at 625865@bugs.debian.org (full text, mbox):

From: Asheesh Laroia <asheesh@asheesh.org>
To: Chris Warburton <chriswarbo@googlemail.com>
Cc: 625865@bugs.debian.org, debian-devel@lists.debian.org
Subject: Re: Bug#625865: ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
Date: Sat, 7 May 2011 14:14:21 -0400 (EDT)
On Fri, 6 May 2011, Chris Warburton wrote:

> On Fri, 2011-05-06 at 11:29 -0400, Scott Kitterman wrote:
>> On Friday, May 06, 2011 11:23:50 AM Tshepang Lekhonkhobe wrote:
>>> On Fri, 2011-05-06 at 09:11 -0400, Scott Kitterman wrote:
>>>> On Friday, May 06, 2011 08:56:21 AM Chris Warburton wrote:
>>>>>   Programming Lang: PHP
>>>>>   Description     : ocPortal is a Content Management System for
>>>>>   building
>>>>>
>>>>> and maintaining a dynamic website
>>>>
>>>> How many content management systems written in php does Debian need?
>>>
>>> It's not kool that you didn't even ask about how good it is. Maybe it's
>>> better than whatever exists in Debian currently, have you checked? My
>>> point is your question isn't helpful. It smacks of flaming.
>>
>> The question I should have asked is what is it's security record like.  This
>> is an area that's rife with applications that have 'poor' security records.
>> Adding more to that pile would be an unfortunate burden on the security team.
>> That's probably the most significant of the project wide costs adding a package
>> like this brings with it.
>>
>> Scott K
>
> Hi Scott. ocPortal isn't massively widespread compared to other systems,
> so there's obviously less experimental proof of security. We had a
> security hole a few years ago; this was before I got involved, but
> there's details here http://en.wikipedia.org/wiki/OcPortal#Criticisms

Hi Chris and the ITP and debian-devel,

I think that if you are willing to work to make this a high-quality 
package, and be a responsive maintainer to bugs reported by users, I think 
it will be great to have you maintain it in Debian.

The security work that you've described sounds great, and I hope that 
other PHP app upstreams hold their apps to such a high standard. If not, 
maybe you can use your tools to start filing bugs left and right against 
them. (-:

For that reason, I will review your packaging when it's ready, and sponsor 
it into Debian if it passes muster. Keep me posted.

-- 
-- Asheesh.

http://asheesh.org/

Life is to you a dashing and bold adventure.




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Mon, 16 May 2011 17:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chris Warburton <chriswarbo@googlemail.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Mon, 16 May 2011 17:09:03 GMT) Full text and rfc822 format available.

Message #95 received at 625865@bugs.debian.org (full text, mbox):

From: Chris Warburton <chriswarbo@googlemail.com>
To: asheesh@asheesh.org, 625865@bugs.debian.org
Subject: ocPortal Update
Date: Mon, 16 May 2011 18:05:27 +0100
	Just thought I'd give an update on my progress. So far the ocPortal
codebase has been reviewed for copyright. Anything with unclear terms
has been removed/replaced, leaving behind Free Software and a couple of
proprietary third-party components (such as the JWPlayer flash video
player). The proprietary components have been turned into optional
modules, making them trivial to strip from the Debian package.
	As well as this, the default ocPortal theme contains some non-DFSG-free
artwork for the icons. I've made a replacement theme based on KDE's
Oxygen icons which can be applied over the top of the default theme and
replaces all of the non-free artwork[1]. It's not a complete theme, so
there are still some default icons left which make the interface a
little inconsistent, but at least they're all freely licensed.
	Likewise sound effects for the audio CAPTCHA and chat rooms have been
replaced with DFSG-free files (sourced from existing Debian packages,
such as Asterisk).
	I've been reading the policy guides (the core Debian policy, as well as
the PHP, WebApp and Database policies) and am currently working out how
to turn ocPortal's installer into a dbconfig-based debconf script.
	From messaging the WebApp mailing list[2] I've been told that one of
the biggest concerns would be bundling software which is already
included in Debian, which QA understandably frown upon. Unfortunately
this impacts ocPortal, mainly since it uses a heavily modified version
of CKEditor, a vanilla version of which is already packaged. Diffing
between the two gives an unfathomable mountain of changes, so
merging/patching them seems hopeless. I've tried symlinking to Debian's
ckeditor package in place of this bundled version, and this doesn't
cause any immediate problems in ocPortal, however our experience of
having CKEditor integrated is that there are a load of edge-cases where
it misbehaves; this is probably due to our particular usage of CKEditor,
which converts the HTML it outputs into ocPortal's Comcode language.
This makes me think that bundling the modified CKEditor would be
preferable, despite its existence in the Debian archive.

[1]
http://ocportal.com/site/downloads/entry/add-onsmodifications/version_50/themes_4/oxygen_icons.htm
[2] http://lists.debian.org/debian-webapps/2011/04/msg00001.html

Thanks,
Chris Warburton





Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Mon, 16 May 2011 18:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Asheesh Laroia <asheesh@asheesh.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Mon, 16 May 2011 18:27:03 GMT) Full text and rfc822 format available.

Message #100 received at 625865@bugs.debian.org (full text, mbox):

From: Asheesh Laroia <asheesh@asheesh.org>
To: Chris Warburton <chriswarbo@googlemail.com>
Cc: 625865@bugs.debian.org
Subject: Re: ocPortal Update
Date: Mon, 16 May 2011 14:24:41 -0400 (EDT)
On Mon, 16 May 2011, Chris Warburton wrote:

> 	Just thought I'd give an update on my progress. So far the ocPortal
> codebase has been reviewed for copyright. Anything with unclear terms
> has been removed/replaced, leaving behind Free Software and a couple of
> proprietary third-party components (such as the JWPlayer flash video
> player). The proprietary components have been turned into optional
> modules, making them trivial to strip from the Debian package.

Sweet.

> 	As well as this, the default ocPortal theme contains some non-DFSG-free
> artwork for the icons. I've made a replacement theme based on KDE's
> Oxygen icons which can be applied over the top of the default theme and
> replaces all of the non-free artwork[1]. It's not a complete theme, so
> there are still some default icons left which make the interface a
> little inconsistent, but at least they're all freely licensed.

That's a reasonable place to be in for now. Make sure the tarball you 
plan to upload to Debian contains only dfsg-free pieces.

> 	Likewise sound effects for the audio CAPTCHA and chat rooms have been
> replaced with DFSG-free files (sourced from existing Debian packages,
> such as Asterisk).

Great!

> 	I've been reading the policy guides (the core Debian policy, as well as
> the PHP, WebApp and Database policies) and am currently working out how
> to turn ocPortal's installer into a dbconfig-based debconf script.

*nod*

> 	From messaging the WebApp mailing list[2] I've been told that one of
> the biggest concerns would be bundling software which is already
> included in Debian, which QA understandably frown upon. Unfortunately
> this impacts ocPortal, mainly since it uses a heavily modified version
> of CKEditor, a vanilla version of which is already packaged. Diffing
> between the two gives an unfathomable mountain of changes, so
> merging/patching them seems hopeless. I've tried symlinking to Debian's
> ckeditor package in place of this bundled version, and this doesn't
> cause any immediate problems in ocPortal, however our experience of
> having CKEditor integrated is that there are a load of edge-cases where
> it misbehaves; this is probably due to our particular usage of CKEditor,
> which converts the HTML it outputs into ocPortal's Comcode language.
> This makes me think that bundling the modified CKEditor would be
> preferable, despite its existence in the Debian archive.

I would lean toward using the Debian-system CKEditor and maybe dealing 
with a few bugs in these edge cases, in the short term.

In the long term, upstream, I wonder if you can switch to bundling an 
unmodified CKEditor and writing custom code to transform its 
*output* rather than modifying the editor itself. I wonder what 
you think of that.

Thanks for this update! It's very helpful.

-- 
-- Asheesh.

http://asheesh.org/

Why is it that we rejoice at a birth and grieve at a funeral?  It is because we
are not the person involved.
		-- Mark Twain, "Pudd'nhead Wilson's Calendar"




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>:
Bug#625865; Package wnpp. (Mon, 27 May 2013 14:14:28 GMT) Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Chris Warburton <chriswarbo@gmail.com>. (Mon, 27 May 2013 14:14:28 GMT) Full text and rfc822 format available.

Message #105 received at 625865@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@debian.org>
To: 625865@bugs.debian.org
Cc: control@bugs.debian.org
Subject: ocportal: changing back from ITP to RFP
Date: Mon, 27 May 2013 15:24:24 +0200
retitle 625865 RFP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
noowner 625865
tag 625865 - pending
thanks

Hi,

This is an automatic email to change the status of ocportal back from ITP
(Intent to Package) to RFP (Request for Package), because this bug hasn't seen
any activity during the last 12 months.

If you are still interested in adopting ocportal, please send a mail to
<control@bugs.debian.org> with:

 retitle 625865 ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website
 owner 625865 !
 thanks

However, it is not recommended to keep ITP for a long time without acting on
the package, as it might cause other prospective maintainers to refrain from
packaging that software. It is also a good idea to document your progress on
this ITP from time to time, by mailing <625865@bugs.debian.org>.

Thank you for your interest in Debian,
-- 
Lucas, for the QA team <debian-qa@lists.debian.org>



Changed Bug title to 'RFP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website' from 'ITP: ocportal -- ocPortal is a Content Management System for building and maintaining a dynamic website' Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Mon, 27 May 2013 14:25:41 GMT) Full text and rfc822 format available.

Removed annotation that Bug was owned by Chris Warburton <chriswarbo@gmail.com>. Request was from Lucas Nussbaum <lucas@debian.org> to control@bugs.debian.org. (Mon, 27 May 2013 14:25:42 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 11:09:00 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.