hi, On Mon, Sep 23, 2013 at 8:56 PM, Jonas Smedegaard <[email protected]> wrote:
> Package: rt4-extension-jsgantt,trac-jsgantt > Severity: normal > Tags: security > > Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript > library jsgantt. > > That Javascript library should instead be packaged separately and > depended upon. Package name should be libjs-jsgantt according to > <https://wiki.debian.org/Javascript/Policy>. > > This issue potentially affects security: See Debian Policy 3.9.4 ยง 4.13. Unfortunately, rt-extension-jsgantt includes modified version of jsgantt to work with rt, so it couldn't depend on libjs-jsgantt if it exists. regards, -- KURASHIKI Satoru
