MainInclusionReportMoodle

Main Inclusion Report for moodle

  1. Availability: The package is available in Ubuntu Universe (1.8.2-1ubuntu2) and is an arch-independent package.

  2. Rationale: The package is an often requested application for Edubuntu and is needed to provide a complete educational platform.

  3. Security:

    • No binaries running as root or suid and no daemons. This is a fairly typical PHP web app.
    • Moodle includes an apache.conf file that opens up only localhost:80.
    • No unfixed CVE or SECUNIA reports for the current Ubuntu version (1.8.2). See also the Debian security tracker page.

    • Many vulnerabilities in the past (36 old CVEs in total).

    • Upstream has set up a Moodle Security Center.

  4. Quality assurance:

    • Needs manual setup via its own web interface after installation.
    • Bugs: eight major and ten normal bugs in Debian, and 0 bugs in Ubuntu.

    • Debian: active/calm

    • Upstream: fairly vigorous

    • There are 17 debconf questions with high or critical priority. They are related to setting up the database (both MySQL and PostgreSQL are supported).
  5. Standards compliance:

    • The package meets the FHS and Debian Policy.
    • It uses debhelper and dpatch.
  6. Dependencies:

    • All in Main
  7. Background:

    • Moodle is a very popular course management system for education (its website alone has 200,000 users). It allows teachers to create a virtual classroom with course content, forums, quizzes, chat, etc.

Reviews

MartinPitt:

  • Horrible database setup code and too many debconf questions
  • Horrible security history
  • However, this is an explicit goal, and we want to cover the maintenance costs, so approved.

MainInclusionReportMoodle (last edited 2008-08-06 16:18:58 by localhost)