Main Inclusion Report for moodle
Availability: The package is available in Ubuntu Universe (1.8.2-1ubuntu2) and is an arch-independent package.
Rationale: The package is an often requested application for Edubuntu and is needed to provide a complete educational platform.
- No binaries running as root or suid and no daemons. This is a fairly typical PHP web app.
- Moodle includes an apache.conf file that opens up only localhost:80
Lots of vulnerabilities in the past. (36 old CVEs total)
Upstream has set up a Moodle Security Center
- Needs manual setup via own web interface after install
Debian: is active/calm
Upstream: is fairly vigorous
- There are 17 debconf questions with high or critical priority. They are related to setting up the database (both MySQL and PostgreSQL are supported).
- The package meets the FHS and Debian Policy.
- It uses debhelper and dpatch
- All in Main
- Moodle is a very popular (their website alone has 200,000 users) education course management system. It allows teachers to create a virtual classroom with course content, forums, quizzes, chat, etc.
- Horrible database setup code and too many debconf questions
- horrible security history
- However, this is an explicit goal, and we want to cover the maintenance costs, so approved.