[Bug 481536] Review Request: enano - Enano CMS, a php-based modular content management system

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=481536





--- Comment #12 from Dan Fuhry <dan@xxxxxxxxxxxx>  2009-05-29 14:04:22 EDT ---
1. The way Enano bundles libraries, we only use parts that are very, very
unlikely to result in security vulnerabilities because they are only ever given
sanitized input.

2. I've checked the validity of these.

    * engine_failsafe: from the phpBB project (v2.0.21), and is GPLv2+.
Clarified in comments in upstream.
    * Tigra: we got them to license it under the GPL. I will be fixing the
comments in upstream shortly.
    * Prefilter: this is an upstream licensing issue for us. Prefilter is from
Text_Wiki. The file is a skeleton anyway. I suspect the author labeled it
wrongly. I'll just rewrite this file for Enano. See:
http://hg.enanocms.org/repos/enano-1.1/file/tip/includes/wikiengine/Render/Plain/Prefilter.php
    * I'm considering removing the graph stuff. It wasn't used for very long
and I was afraid of API breakage which is the only reason it's still in there.
I don't know about stuff under the PHP license; from what I know (and I could
very likely be wrong), it should be legal to link code under the PHP License
with GPL code.
    * The failsafe graph code (with that sketchy comment) is GPL. Citation:
http://google.com/codesearch/p?hl=en#bvpP-RfBwPE/sb_statsbar.php&q=%22function%20BarGraphHoriz%22
      Going by the fact that this file was released in 2006, and it points to
the URL which always shows the latest version of the license, it would be very
safe to assume this means GPLv2 or later. I still might remove it because it's
a stale and unmaintained part of the API.

One quick question. Have you looked at licenses/index.html?
Do that and *then* tell us what our problems are. Every third party component
that's been added to Enano with the exception of public domain code has been
documented in that file, with copies of all relevant licenses included.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]