Use out-of-tree phpBB
Bug #492409 reported by
Nick Chadwick
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| IVLE |
Fix Released
|
Critical
|
William Grant | ||
Bug Description
phpBB is an abomination, has huge security issues often, and needs to be
shot. It should be removed from the tree, with the current auth stuff
implemented as some kind of plugin. Otherwise it will make security people
like me and Baby Jesus cry.
Revision history for this message
| Matt Giuca (mgiuca) wrote | #1 |
Revision history for this message
| William Grant (wgrant) wrote | #2 |
To post a comment you must log in.
This is critical. We can't (at least, in good conscience) put the PHP code into the
.deb package.
Since we require local modifications to phpBB, we can't just have the deb package
depend upon the system phpBB. The plan is (and Baby Jesus isn't going to like this):
1. Provide a separate package ivle-forum. The forum isn't part of IVLE proper at all.
2. ivle-forum has a postinst script which does an apt-get source of phpBB, then
applies our local patch, and installs it.
Could be a problem if the source code changes too much. Maybe we just want our own
copy of the phpBB source in the deb package, but we'd rather not.
The ultimate solution is to write a phpBB auth plugin.