[Python-apps-team] Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
Satoru KURASHIKI
lurdan at gmail.com
Tue Oct 8 12:34:49 UTC 2013
hi,
On Mon, Sep 23, 2013 at 8:56 PM, Jonas Smedegaard <dr at jones.dk> wrote:
> Package: rt4-extension-jsgantt,trac-jsgantt
> Severity: normal
> Tags: security
>
> Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript
> library jsgantt.
>
> That Javascript library should instead be packaged separately and
> depended upon. Package name should be libjs-jsgantt according to
> <https://wiki.debian.org/Javascript/Policy>.
>
> This issue potentially affects security: See Debian Policy 3.9.4 § 4.13.
Unfortunately, rt-extension-jsgantt includes modified version of jsgantt to
work with rt, so it couldn't depend on libjs-jsgantt if it exists.
regards,
--
KURASHIKI Satoru
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/python-apps-team/attachments/20131008/46f3eb65/attachment-0001.html>
More information about the Python-apps-team
mailing list