Fwd: ejabberd inclusion into main
On Wed, Jan 14, 2009 at 11:05:05AM -0800, Jordan Mantha wrote:
> ---------- Forwarded message ----------
> From: David Van Assche <dvanassche@gmail.com>
>
> Ejabberd is the defacto standard messaging server that permits a
> whole host of xmpp communication inlcuding collaboration as used in
> various apps like abiword and inkscape. Currently it sits in Universe,
> along with its dependencies. We would like it in main for inclusion in the
> ubuntu educational CD. This is also a step towards getting sugar into
> main, as ejabberd is used by sugar for communication and
> collaboration. Here are the source packages that would need MIR:
> lksctp-tools
> erlang
> grep-dctrl
> ejabberd
Auditing erlang would take a good bit of time. While ejabberd's CVE
history is short[1], I'd be curious how they handle stable release updates
(do they provide patches, are their micro releases only security fixes,
etc). I'd like to get an erlang expert's opinion of ejabberd's code
quality before going much further with it, too.
-Kees
[1] http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ejabberd
--
Kees Cook
Ubuntu Security Team
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
|
