Use out-of-tree phpBB

Bug #492409 reported by Nick Chadwick
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
IVLE
Fix Released
Critical
William Grant

Bug Description

phpBB is an abomination, has huge security issues often, and needs to be
shot. It should be removed from the tree, with the current auth stuff
implemented as some kind of plugin. Otherwise it will make security people
like me and Baby Jesus cry.

Revision history for this message
Matt Giuca (mgiuca) wrote :

This is critical. We can't (at least, in good conscience) put the PHP code into the
.deb package.

Since we require local modifications to phpBB, we can't just have the deb package
depend upon the system phpBB. The plan is (and Baby Jesus isn't going to like this):

1. Provide a separate package ivle-forum. The forum isn't part of IVLE proper at all.
2. ivle-forum has a postinst script which does an apt-get source of phpBB, then
applies our local patch, and installs it.

Could be a problem if the source code changes too much. Maybe we just want our own
copy of the phpBB source in the deb package, but we'd rather not.

The ultimate solution is to write a phpBB auth plugin.

Revision history for this message
William Grant (wgrant) wrote :

lp:~ivle-dev/ivle/no-phpbb-for-you removes phpBB from our source tree, instead
supplying instructions and a patch. ivle.webapp.forum is not used in the default
installation.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers