Fwd: ejabberd inclusion into main

Kees Cook kees at ubuntu.com
Wed Jan 14 19:21:42 GMT 2009

On Wed, Jan 14, 2009 at 11:05:05AM -0800, Jordan Mantha wrote:
> ---------- Forwarded message ----------
> From: David Van Assche <dvanassche at gmail.com>
>  Ejabberd is the defacto standard messaging server that permits a
> whole host of xmpp communication inlcuding collaboration as used in
> various apps like abiword and inkscape. Currently it sits in Universe,
> along with its dependencies. We would like it in main for inclusion in the
> ubuntu educational CD. This is also a step towards getting sugar into
> main, as ejabberd is used by sugar for communication and
> collaboration. Here are the source packages that would need MIR:
>  lksctp-tools
>  erlang
>  grep-dctrl
>  ejabberd

Auditing erlang would take a good bit of time.  While ejabberd's CVE
history is short[1], I'd be curious how they handle stable release updates
(do they provide patches, are their micro releases only security fixes,
etc).  I'd like to get an erlang expert's opinion of ejabberd's code
quality before going much further with it, too.


[1] http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ejabberd

Kees Cook
Ubuntu Security Team

More information about the ubuntu-devel mailing list