On Mon, Jan 27, 2014 at 10:30 AM, Nicolas <nikro...@gmail.com> wrote: > Hi all, > > the problems occured for dotclear package and I removed theses swf files > from doctlear package. And there were exploit with swfupload. There seems to > be fixed with wordpress but I think it's a good idea to remove that stuff. > > As far as I understand, I think the real problem with theses swf files is > that they can not be build from a debian system. Would it not be a debian > policy viloation ? Excuse me if my question is a bit stupid.
swf* could be built. DFSG ask you to rebuilt from source. So it is a policy violation because you do not rebuilt from source Bastien *with pain see https://wiki.debian.org/Flash and mtasc > > Nicolas > > > 2014-01-27 Bastien ROUCARIES <roucaries.bast...@gmail.com> > >> >> Le 27 janv. 2014 00:26, "Raphael Hertzog" <hert...@debian.org> a écrit : >> >> >> > >> > Hello Bastien, >> > >> > On Sun, 26 Jan 2014, bastien ROUCARIES wrote: >> > > X-Debbugs-CC: ftpmas...@debian.org >> > >> > I still don't understand why you CC ftpmasters. Care to explain me? >> >> See private mail >> >> >> > >> > > wordpress 3.8.1+dfsg-1 (source) >> > > >> > > wp-includes/js/mediaelement/flashmediaelement.swf >> > >> > This one needs investigation. >> > >> > It comes from https://github.com/johndyer/mediaelement/ and is licensed >> > under a MIT license. http://mediaelementjs.com/ >> > >> > We should probably ship the code in debian/missing-sources/ and prod >> > wordpress upstream's that they must add it to >> > http://code.svn.wordpress.org/wordpress-sources/ >> > >> > Current wordpress ships version 2.13.0 of that library. >> > >> > > wp-includes/js/plupload/plupload.flash.swf >> > >> > The sources are in debian/missing-sources/plupload-1.5.7/flash/ >> Care to add Lintian override with comments pointing to it ? >> >> > > wp-includes/js/swfupload/swfupload.swf >> > > debian/missing-sources/swfupload-2.2.0.1/Flash/swfupload.swf >> > >> > Your check found the directory where the sources are: >> > debian/missing-sources/swfupload-2.2.0.1/Flash/ >> OK >> > > wp-includes/js/tinymce/plugins/media/moxieplayer.swf >> > >> > This one needs investigation. Sources are at >> > https://github.com/moxiecode/moxieplayer but it looks like >> > it's only needed as part of some fallback mechanism when <video> >> > doesn't work. >> > >> > Maybe we can just drop it (the packaged tinymce drops it too). >> As you want maybe ask tiny MCE to package moxieplayer and re add it ? >> >> Thanks >> >> Bastien >> >> >> > Cheers, >> > -- >> > Raphaël Hertzog ◈ Debian Developer >> > >> > Discover the Debian Administrator's Handbook: >> > → http://debian-handbook.info/get/ > > -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
