Home > Archive > PHP PEAR Questions and Answers > February 2006 > Re: [PEAR-QA] Status of Auth
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: [PEAR-QA] Status of Auth
|
|
| Arnaud Limbourg 2006-02-15, 3:56 am |
| I had a discussion with yavor a couple of months ago, he told me he did
not have the time to maintain the auth package
(http://beeblex.com/lists/index.php/php.pear.qa/3147).
Christophe was also trying to get one of his colleague to work on the
package and made a few commits in that respect. I do not know where it
stands now.
Christophe, what is your status on that ?
Arnaud.
Martin Jansen wrote:
> A few minutes ago I have released emergency updates for the Auth
> package. They had become necessary after vulnerabilities in the DB and
> LDAP storage containers had been discovered.
>
> For the 1.2.x branch (stable) I fetched RELEASE_1_2_3 from CVS, patched
> it and released 1.2.4 from it containing only minimal changes. For the
> 1.3.x branch (beta) I released the current version from CVS plus the
> security patch.
>
> The reporter of the vulnerability originally reported the issue to Yavor
> Shahpasov, who is the current lead maintainer. When he got no reply, he
> contacted James Flemer and me (both of us are inactive). Does anyone
> know about Yavor's status? Do you guys know of someone who is willing
> to take over Auth? Otherwise I'm afraid we'll have to flag the package
> as unmaintained.
>
> - Martin
>
| |
| Martin Jansen 2006-02-16, 3:57 am |
| On Wed Feb 15, 2006 at 09:2851AM +0100, Arnaud Limbourg wrote:
> I had a discussion with yavor a couple of months ago, he told me he did
> not have the time to maintain the auth package
> (http://beeblex.com/lists/index.php/php.pear.qa/3147).
>
> Christophe was also trying to get one of his colleague to work on the
> package and made a few commits in that respect. I do not know where it
> stands now.
>
> Christophe, what is your status on that ?
Unless we get a reply on this in the next days we should consider Adam's
candidature in this thread. Judging from his mail he seems motivated
enough to take over the job.
- Martin
| |
| Arnaud Limbourg 2006-02-16, 7:56 am |
| Martin Jansen wrote:
> On Wed Feb 15, 2006 at 09:2851AM +0100, Arnaud Limbourg wrote:
>
> Unless we get a reply on this in the next days we should consider Adam's
> candidature in this thread. Judging from his mail he seems motivated
> enough to take over the job.
Agreed.
Arnaud.
| |
| Christophe Gesché 2006-02-17, 6:56 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Jansen a écrit :
> On Wed Feb 15, 2006 at 09:2851AM +0100, Arnaud Limbourg wrote:
>
> Unless we get a reply on this in the next days we should consider Adam's
> candidature in this thread. Judging from his mail he seems motivated
> enough to take over the job.
Yes give him the lead.
I have discuss with my team.
We are ready to contribute to the package until we keep it in our
application.
But we don't found serious to lead a package when we don't have
possibility to check really all container.
(a personal opnion I think that each container can be a sub package
with a performant lead (like with validate))
Actually when we have a problem with auth, we search a solution
applicable both for us and for "generic" like request in pear.
When a soltion is found I commit it.
But our objective is to reduce our work by using an "external" package
instead made a really like but home made class.
Unfortunately, my co-worker trying to you a recent release repport
me that new bug comes , but change done by us are gone.... So
finally if it's more work to contribue + locally hack after each
checkout of auth, it's better for us to fork and stop to work with
pear for this ;(
Personnaly as PEAR -private- contributor, I'm happy to hope view my
team be involved in PEAR.
- --
Christophe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
iD8DBQFD9h4J0lB609RSN5wRAoGaAJ4jbO4zm/FsgP7w1BLpXaDPGTIY8gCfS001
2YdoElpv06vTPd7vIog6RNM=
=Dvan
-----END PGP SIGNATURE-----
--
---------------------------------
Moosh -- claroline.net -- php.net
=== Php & Pear @ Fosdem 2006 ===
http://moosh.et.son.brol.be/ (fr)
| |
| bertrand Gugger 2006-02-17, 6:56 pm |
| Christophe Gesché wrote:
>We are ready to contribute to the package until we keep it in our
>application.
>But we don't found serious to lead a package when we don't have
>possibility to check really all container.
>(a personal opnion I think that each container can be a sub package
>with a performant lead (like with validate))
>
>
It's an evidence.
| |
| bertrand Gugger 2006-02-17, 6:56 pm |
| bertrand Gugger wrote:
> Christophe Gesché wrote:
>
> It's an evidence.
>
pear is known as its fundations:
* DB is overloaded
* Mail got ill
* Auth id afraid
Afraid to take it once and make it "modern",
so many relies on it.
yes, changing a bit in it is kinda responsibilities.
so many would like keeping rely on it.
Sorry for this auto-reply.
--
toggg
| |
| Yavor Shahpasov 2006-02-20, 6:56 pm |
| Hello Guys,
I welcome Adam as the new maintainer of Auth.
If I can help with anything use my personal email yavosh@gmail.com as I
don't monitor the pear lists
Regards,
Yavor
Martin Jansen wrote:
> On Wed Feb 15, 2006 at 09:2851AM +0100, Arnaud Limbourg wrote:
>
>
> Unless we get a reply on this in the next days we should consider Adam's
> candidature in this thread. Judging from his mail he seems motivated
> enough to take over the job.
>
> - Martin
>
>
|
|
|
|
|