-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Olivier Berger wrote: [...] > > The corresponding ITP is found at > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542 > > Note that this package would allow the dependency of a number of > packages such as moodle and glpi on that package instead of shipping a > copy of phpCAS (http://packages.debian.org/sid/all/moodle/filelist and > http://packages.debian.org/sid/all/glpi/filelist). While you are at it, as your package also uses domxml-php4-php5.php why don't you also package it? (it would be better if the code was finally ported instead of using a wrapper, though). debian/control: > Depends: ${misc:Depends}, php5, php5-curl, php-db Does it really need a web SAPI? or can it be used with php5-cli? in the latter case add an ORed dependency on php5-cli in addition to php5. debian/rules: What about cleaning it up? debian/copyright: > Upstream Author: > > Pascal Aubry What about also displaying his email address? > License: (stated at : http://www.ja-sig.org/wiki/display/CASC/phpCAS) what about docs/README? > - In case of jurisdiction dispute, the French law is authoritative. let's see what ftpmasters say about this. debian/dirs: empty? delete it debian/docs: ditto debian/README.Debian: > This packaging needs testing as I'm not fully sure there ain't > regressions introduced by this upgrade of the DOM parsing library. Have you at lest tested the basic functionality of the library with the newer version of domxml-php4-php5.php or are you blindly packaging stuff? CAS.php: > define("CAS_PGT_STORAGE_FILE_DEFAULT_PATH",'/tmp'); .. > define("CAS_PGT_STORAGE_FILE_FORMAT_PLAIN",'plain'); Doesn't look good at all. CAS/client.php: > if ( $this->isProxy() ) { > // pass the callback url for CAS proxies > $validate_url .= '&pgtUrl='.$this->getCallbackURL(); > } Improper sanitation of getCallbackURL which uses data like REQUEST_URI; and there's more about this, but I'm better going to test it and send the info to bugtraq. What about also shipping the api docs? > > I would be glad if someone uploaded this package for me. > > Kind regards > Olivier Berger Cheers, - -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkh4DgACgkQYy49rUbZzlpidACdHdyy2K2FNo2334O5aYeJBE3N UuMAnitV2FwS6aXckmPYlucnoaLBivPm =bYUb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
