Much belated response, sorry... :-( On Mon, Aug 20, 2018 at 02:54:37PM +0200, Thomas Waldmann wrote:
https://salsa.debian.org/debian/moin/tree/master/debian/patches
Have gone through them (again) and the current state is like that:
fix_wrong_digestmod_of_hmac.new_calls.patch
Patch from download page (I guess), fixed in git already.
Yup, that's where we picked it up from.
fix_rss.patch Fix rss_rc action to stop crashes
I opened github issue, please add more details there:
Sorry, responding here instead. I closed my github account when they were bought out by Microsoft. :-( On wiki.debian.org we saw lots of errors, as shown in https://bugs.debian.org/787583 looking like mod_wsgi (pid=1755): Exception occurred processing WSGI script '/srv/wiki.debian.org/bin/moin.wsgi'. Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/werkzeug/wsgi.py", line 588, in __call__ return self.app(environ, start_response) File "/usr/lib/python2.7/dist-packages/MoinMoin/wsgiapp.py", line 264, in __call__ response = run(context) File "/usr/lib/python2.7/dist-packages/MoinMoin/wsgiapp.py", line 89, in run response = dispatch(request, context, action_name) File "/usr/lib/python2.7/dist-packages/MoinMoin/wsgiapp.py", line 137, in dispatch response = handle_action(context, pagename, action_name) File "/usr/lib/python2.7/dist-packages/MoinMoin/wsgiapp.py", line 203, in handle_action handler(context.page.page_name, context) File "/usr/lib/python2.7/dist-packages/MoinMoin/action/rss_rc.py", line 178, in execute handler._write( AttributeError: RssGenerator instance has no attribute '_write' This simple patch made the noise stop. I'll admit we've not looked at this in a while...
incremental-dump.patch implement an incremental dump process Implement an incremental dump process. This also fixes dumping of the attachments. This also allows the dump script to be interrupted.
Sounds useful, but for 1.9.10 guess I'ld prefer a bug report about what is broken with the attachments and a fix-only pull request that fixes just that.
disable_gui_editor_if_fckeditor_missing.patch hardcode_configdir.patch htdocs_moved_to_usr_share_moin.patch use_systemwide_libs.patch
Dist packaging specific, not needed upstream.
ACK.
remove_favicon.patch
Cosmetic.
But it's something that affects privacy. We've got a policy of removing remote resources like favicons from Debian packages where possible.
external_account_creation_check.patch mail-verification.patch netaddr_hosts_deny.patch recaptcha.patch
Lots of efforts on spam fighting.
We need to fight spam bots, but the problem is that (AFAIK) they have already worked around all these mechanisms.
They're part of a defence-in-depth approach for us. recaptcha is not all that useful for us now, but the others help: * We verify emails, so we have email addresses attached to accounts at least. * Next, we call out to an external script to validate account creation. That script uses a lot of heuristics to determine how spammy a new account signup attempt is, and has the power to blacklist IP addresses etc. We analyze the logs from that script to see what's going on and potentially block wider blocks of addresses. * The netaddr_hosts_deny patch is something I've just developed and we haven't yet deployed it. The existing code to simply match using startswith is very limited...
I'll write a separate mail about my recent attempts on spam fighting.
ACK, saw that - I'll respond to that too.
* A check of the licensing in Moin showed up two sets of images where licensing is not as clear as we'd like:
Ugh. Well, I guess this is rather a documentation issue than a licensing issue as IIRC we never have used anything we are not permitted to use.
But I also can't remember the details about these 7 icons. Guess we have them since > 10 years.
Right. We're developing better and better QA tools in Debian - they picked up on these files which have been around for a very long time. Do you know where they came from, and who committed them? I've tried to contact the people involved from the embedded information, with no response.
(the list is longer than 7 because they were copied into multiple themes)
Nod.
There's also a range of bug reports in the Debian BTS:
ACK. :-) -- Steve McIntyre, Cambridge, UK. steve@einval.com "I used to be the first kid on the block wanting a cranial implant, now I want to be the first with a cranial firewall. " -- Charlie Stross