From 0e57c36ebc25d243a07af0d186c410f1eeb63ea3 Mon Sep 17 00:00:00 2001 From: Dominic Ricottone Date: Wed, 11 Nov 2020 17:05:35 -0500 Subject: [PATCH] minor vendoring --- README.md | 17 +++++++++++++++++ moinmoin/moin.wsgi | 2 +- moinmoin/wikiconfig.py | 4 ++-- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8b410f3..423a09b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ Deploy a moinmoin wiki using Docker. + ## Setup In `nginx/moinmoin.conf`, configure the server name (`s/example.com/your_domain_name_here/g`). @@ -46,3 +47,19 @@ In `moinmoin/wikiconfig.py`, configure the wiki name (`s/Untitled Wiki/your_wiki The web server will be accessible on port 8080. + +## Security + +The stable release of moinmoin (v1.9) is written for python2. It is a complex +(i.e. multiple vendored libraries), web-facing (i.e. interprets and executes +user input) service. There have been high-risk CVE's as recently as November +2020 (see CVE-2020-15275). + +Python 2.7 is unsupported as of January 2020. + +Alpine Linux v3.10 (the last to support critical python2 dependencies) receives +security fixes only and will reach end of life in November 2021. + +Good luck. + + diff --git a/moinmoin/moin.wsgi b/moinmoin/moin.wsgi index 1fa3928..f30fa1f 100644 --- a/moinmoin/moin.wsgi +++ b/moinmoin/moin.wsgi @@ -29,7 +29,7 @@ import sys, os # a2) Path of the directory where wikiconfig.py / farmconfig.py is located. # See wiki/config/... for some sample config files. -#sys.path.insert(0, '/path/to/wikiconfigdir') +sys.path.insert(0, '/var/moin/wiki') #sys.path.insert(0, '/path/to/farmconfigdir') # b) Configuration of moin's logging diff --git a/moinmoin/wikiconfig.py b/moinmoin/wikiconfig.py index c5731aa..6ac03b9 100644 --- a/moinmoin/wikiconfig.py +++ b/moinmoin/wikiconfig.py 
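Review bot: `sys.path.insert(0, '/var/moin/wiki')` puts that directory ahead of the standard library and the MoinMoin package for every import made after this line, so any `.py` file that lands there is imported in preference to the real module; that is only safe if the directory is populated by the image build and not writable by the account the WSGI process runs as, which the hunk cannot show. If the wiki's data directory also lives under `/var/moin/wiki`, pointing this at a config-only directory would remove that exposure. The README on this page still names `moinmoin/wikiconfig.py` as the file to edit, so a comment such as `# wikiconfig.py is expected here at runtime (assumed to be copied in by the container build)` would tie the two together. The rest of moin.wsgi's setup code continues outside the hunk.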
@@ -110,12 +110,12 @@ class Config(multiconfig.DefaultConfig): # This is the default ACL that applies to pages without an ACL. # Adapt it to your needs, consider using an EditorGroup. - #acl_rights_default = u"Trusted:read,write,delete,revert Known:read All:read" + acl_rights_default = u"Trusted:read,write,delete,revert Known:read,write,delete,revert All:read" # The default (ENABLED) password_checker will keep users from choosing too # short or too easy passwords. If you don't like this and your site has # rather low security requirements, feel free to DISABLE the checker by: - #password_checker = None # None means "don't do any password strength checks" + password_checker = None # Link spam protection for public wikis (Uncomment to enable) # Needs a reliable internet connection. -- 2.45.2
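Review bot: The new `acl_rights_default` grants `Known:read,write,delete,revert`, so every logged-in account can delete and revert any page without its own ACL, and the same hunk sets `password_checker = None`, switching off the strength check for the passwords those accounts choose; unless account creation is disabled elsewhere in the config (outside this hunk), that is a weaker posture than the Security section added to the README on this page suggests the deployment can afford. If registered users are meant to edit but not remove content, `acl_rights_default = u"Trusted:read,write,delete,revert Known:read,write All:read"` keeps upstream's delete/revert split, and leaving the `password_checker` line commented out keeps the default checker. If the relaxed settings are deliberate, a comment stating why — e.g. `# open-editing wiki: every registered user may delete/revert; password policy disabled on purpose` — would stop the next maintainer from reverting them, and the dropped `# None means "don't do any password strength checks"` remark is worth keeping for the same reason. The hunk sits inside `class Config`, whose definition begins and ends outside it.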