= Main Inclusion Report for moodle = 0. ''Availability:'' The package is available in [[http://archive.ubuntu.com/ubuntu/pool/universe/m/moodle|Ubuntu Universe]] (1.8.2-1ubuntu2) and is an arch-independent package. 0. ''Rationale:'' The package is an often requested application for Edubuntu and is needed to provide a complete educational platform. 0. ''Security:'' * No binaries running as root or suid and no daemons. This is a fairly typical PHP web app. * Moodle includes an apache.conf file that opens up only localhost:80 * No unfixed [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=moodle|CVE]] or [[http://secunia.com/product/14721/|SECUNIA]] reports for the current Ubuntu version (1.8.2). See also the Debian [[http://security-tracker.debian.net/tracker/source-package/moodle|security tracker]] page. * Lots of vulnerabilities in the past. (36 old [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=moodle|CVEs]] total) * Upstream has set up a [[http://security.moodle.org/|Moodle Security Center]] 0. ''Quality assurance:'' * Needs manual setup via own web interface after install * [[http://bugs.debian.org/src:moodle|Debian bugs]]: Eight major bugs and ten Normal in [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=moodle|Debian]] and 0 bugs in [[https://bugs.launchpad.net/ubuntu/+source/moodle/|Ubuntu]]. * [[http://packages.qa.debian.org/m/moodle.html|Debian]]: is active/calm * [[http://www.moodle.org|Upstream]]: is fairly vigorous * There are 17 debconf questions with high or critical priority. They are related to setting up the database (both MySQL and PostgreSQL are supported). 0. ''Standards compliance:'' * The package meets the FHS and Debian Policy. * It uses debhelper and dpatch 0. ''Dependencies:'' * All in Main 0. ''Background:'' * Moodle is a very popular (their website alone has 200,000 users) education course management system. It allows teachers to create a virtual classroom with course content, forums, quizzes, chat, etc. = Reviews = MartinPitt: * Horrible database setup code and too many debconf questions * horrible security history * However, this is an explicit goal, and we want to cover the maintenance costs, so approved.