<?xml version="1.0"?>
<!-- Generated by the OpenACS Package Manager -->

<package key="acs-kernel" url="http://openacs.org/repository/apm/packages/acs-kernel/" type="apm_service">
    <package-name>ACS Kernel</package-name>
    <pretty-plural>ACS Kernel Services</pretty-plural>
    <initial-install-p>t</initial-install-p>
    <singleton-p>t</singleton-p>
    <implements-subsite-p>f</implements-subsite-p>
    <inherit-templates-p>t</inherit-templates-p>

    <version name="5.10.1" url="http://openacs.org/repository/download/apm/acs-kernel-5.10.1.apm">
        <owner url="mailto:oct@openacs.org">OpenACS Core Team</owner>
        <summary>Routines and data models providing the foundation for OpenACS-based Web services.</summary>
        <release-date>2024-09-02</release-date>
        <vendor url="http://openacs.org">OpenACS</vendor>
        <description format="text/html">The OpenACS kernel contains the core datamodel create and drop scripts for such things as objects, groups, parties and the supporting PL/SQL and PL/pgSQL procedures.</description>
        <maturity>3</maturity>

        <provides url="acs-kernel" version="5.10.1"/>

        <callbacks>
        </callbacks>
        <parameters>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="AdminOwner"  default="a-programmer@yourdomain.com" description="Who signs the admin pages, e.g., a programmer who can fix/enhance them. DEPRECATED: please use HostAdministrator instead" section_name="deprecated"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="AllowPersistentLoginP"  default="1" description="do we allow persistent logins?" section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="AllowedAttribute"  default="align alt border cellpadding cellspacing color face height href hspace id name size src style target title valign vspace width colspan rowspan class" description="A space separated list of allowed attribute names, e.g. title, src, etc.. You probably want to avoid onMouseOver and the like. Add a * to always allow all attributes." section_name="antispam"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="AllowedProtocol"  default="http https ftp mailto" description="A space separated list of protocols that are valid attributes of HTML tags in submitted content. Add a * to always all all protocols." section_name="antispam"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="AllowedTag"  default="A ADDRESS ADP:ICON ADP:TOGGLE_BUTTON B BLOCKQUOTE BR CODE DIV DD DL DT EM FONT HR I LI OL P PRE SPAN STRIKE STRONG SUB SUP TABLE TBODY TD TR TT U UL EMAIL FIRST_NAMES LAST_NAME GROUP_NAME H1 H2 H3 H4 H5 H6" description="A space separated list of all the HTML tags that people may use. Add a * to always allow all tags." section_name="antispam"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="ApprovalExpirationDays"  default="0" description="The number of days after which registration approval expires, which will cause the user to change state to &#39;needs_approval&#39;. Set to 0 to disable expiration of approval." section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="BugTrackerInstance"  description="Use this parameter to indicate the instance of the bug tracker where the errors will be automatically submitted. You must use a relative url indicating where is mounted the instance of the bug tracker. For instance, if you have your bug tracker instance mounted under &#34;/bug&#34;, this parameter must be &#34;/bug&#34;.  Leave this parameter in blank if you do not want to use it." section_name="request-processor"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="CSPEnabledP"  default="1" description="Enable automated generation of W3C ontent Security Policies (CSP); it is highly recommended to activate it to mitigate XSS attacks" section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="CanonicalServer"  description="The canonical (primary) server, i.e. the server running the scheduled procedures etc. The provided value should be included in the list of ClusterPeerIP? If a port is not provided, we assume port 80." section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ClusterAuthorizedIP"  description="A space separated list of which machines can issues requests (e.g., flushing) to the cluster. Can use glob matching notation (10.0.0.*)" section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ClusterHeartbeatInterval" default="20s" description="Time duration between checks for the liveliness of cluster nodes" section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ClusterAutodeleteInterval" default="2m" description="When a peer node is inactive long than this duration, delete it automatically" section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ClusterEnabledP"  default="0" description="is clustering enabled?" section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ClusterPreferredLocationRegexp"  default="https://" description="When servers listen on multiple endpoints (different protocols, IP addresses, IPv4/IPv6, ...) use the specified regexp to select the preferred option. When there is no match, the first optional value is used." section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="DynamicClusterPeers"  description="Do not edit here. Used for bookkeeping." section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="CommunityMemberAdminURL"  default="/acs-admin/users/one" description="the URL of the admin community member page" section_name="system-information"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="CommunityMemberURL"  default="/shared/community-member" description="the URL of the public community member page" section_name="system-information"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="CookieDomain"  description="Domain to pass to ad_set_cookie. Set this if you want to access multiple hostnames under the same domain." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="DBCacheSize"  default="200000" description="The size of the database API cache" section_name="caching"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="DebugP"  default="0" description="save debugging information for developer support?" section_name="request-processor"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="DefaultPersistentLoginP"  default="1" description="On the login screen, should the default be to login the user permanently (1) or not (0)." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="EmailAccountOwnerOnPasswordChangeP"  default="1" description="Say 1 if you want us to send an email to the account owner when changing password for local accounts." section_name="Local Accounts"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ClusterEnableLoggingP"  default="1" description="Should I log clustering events in the system log?" section_name="server-cluster"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ExcludedFiles"  default="*/CVS/* *~" description="string match patterns for files which the request processor should never serve" section_name="request-processor"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ExtensionPrecedence"  default="adp,tcl,html,jpg,gif" description="precedence for file extensions, e.g., &#39;tcl,adp,html&#39; means &#39;serve a .tcl file if available, else an .adp file if available, else an .html file if available, else the first file available in alphabetical order. Comma-separated." section_name="request-processor"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="ForceHostP"  default="0" description="if a user provides a Host header which isn&#39;t this, redirect the user to this particular host. e.g., if yourservername.com and                                     www.yourservername.com point to the same IP, set this to 1 so cookies will be properly set." section_name="request-processor"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="HomeName"  default="#acs-subsite.Your_Account#" description="the name of the workspace link" section_name="system-information"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="HomeURL"  default="/pvt/home" description="the URL of the workspace link" section_name="system-information"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="HostAdministrator"  default="somenerd@yourdomain.com" description="a person whom people can email with technical problems" section_name="system-information"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="HttpCacheControlP"  default="1" description="Whether we output http headers on every request for dynamic pages that prevent browsers and proxies from caching the page." section_name="request-processor"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="IndexRedirectUrl"  description="If non-blank, serve the given template rather than the default index template.  Example: /dotlrn/index"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="InfoFilePermissionsMode"  default="0775" description="The default UNIX permissions to assign to the .info file when it is created." section_name="apm"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="LogDebugP"  default="0" description="log request-processor debug messages to the error log? very verbose." section_name="request-processor"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="LoginPageExpirationTime"  default="0" description="The expiration time in seconds for the login page. This is needed to protect against browser cached passwords - is not needed anymore for are recent browsers." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="LoginTimeout"  default="28800" description="The maximum number of seconds to let users stay logged in without requiring them to refresh their password. 0 for infinite. Change requires a server restart to take effect." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="MaxSize"  default="200000" description="The size of the util_memoize cache(bytes)" section_name="caching"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="MaxUrlLength"  default="2000" description="The maximum length of a URL. Often attacks are tried with long URLs, therefore, catching this early improves security. For typical OpenACS installations, a URL length of 500 is more than enough." section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="OutgoingSender"  default="somenerd@yourdomain.com" description="The email address that will sign outgoing alerts." section_name="system-information"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="PasswordExpirationDays"  default="0" description="How long can a password be used before it expires and must be changed. Specify 0 to disable password expiration." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="PerformanceModeP"  default="0" description="Setting this to 1 will tell the request processor to make the assumption that once a URL is mapped to a file, that mapping never changes. This obviously would cause problems on a development system, but will improve performance on a production server." section_name="request-processor"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="PermissionCacheP"  default="0" description="Whether to cache permission_p calls.  Use with extreme caution.  Only direct permissions managed via the tcl api are properly handled and some packages modify permissions directly in the database and will not work properly when this is turned on. You must restart the server after changing this param." section_name="permissions"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="PermissionCacheTimeout"  default="300" description="Number of seconds until the permissions cache times out." section_name="permissions"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="PrivacyControlEnabledP"  default="0" description="Whether we control privacy. One example of a package that uses this is forums. It doesn&#39;t show any forum posting content unless this is set to 1. DEPRECATED: this functionality has been ported to dotlrn, which was the only upstream package using it." section_name="deprecated"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="PublisherName"  default="Yourdomain Network, Inc." description="for legal pages, full corporate entity" section_name="system-information"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="RegisterRestrictEntireServerToRegisteredUsersFilters"  default="0" description="Register filters at startup that will allow each subsite to be restricted to registered users." section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="RegisterRestrictToSSLFilters"  default="1" description="Whether to process the RestrictToSSL paths per site node on startup which can be quite slow on a site with many nodes." section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="RequireQuestionForPasswordResetP"  default="0" description="(Unsupported) Do we require a question/answer pair to reset a users password?" section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="ResourcesExpireInterval"  default="0" description="If the specified value is different to 0, the value is passed to ns_setexpires to provide an expire time for the content. Typically, this time is set in seconds but can be as well an integer with the suffix &#34;d&#34; for days, &#34;h&#34; for hours or &#34;m&#34; for minutes, such as e.g. 30d for 30 days." section_name="request-processor"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="RestrictErrorsToAdminsP"  default="1" description="Whether we show errors to administrators only"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="RestrictLoginToSSLP"  default="1" description="Should login, register, and password update pages be restricted to HTTPS?" section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="ScreenName"  default="solicit" description="Can be &#39;none&#39;, &#39;solicit&#39;, or &#39;require&#39;. If you say none, we will not ask users to provide a screen_name. If you say &#39;solicit&#39;, we will ask for one, but not require it. If you say &#39;require&#39;, we will not let users register or login without setting up a screen_name." section_name="Local Accounts"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="SendErrorEmailP"  default="0" description="Whether to send an email to the site owner describing details whenever an error ocurrs, or not. A value of 0 in this parameter indicates that no emails are goint to be sent, in the other hand, a value of 1 indicates that an email is going to be sent when error ocurrs.  "/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="ServeXQLFiles"  default="0" description="Should we serve .xql files (database query files) to browsers? Say 0 to not serve them, 1 to serve them. Typically you do not want to serve these files. Change requires a server restart to take effect." section_name="request-processor"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SessionLifetime"  default="604800" description="how long after the last hit should we save information in the SessionLifetime table?" section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="SessionRenew"  default="300" description="How many seconds do we let elapse before renewing a session cookie? This should be less than SessionTimeout. Change requires a server restart to take effect." section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SessionSweepInterval"  default="3600" description="how often should we sweep for old stale sessions?" section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SessionTimeout"  default="1200" description="For how many seconds can a be session inactive before it times out?  Change requires a server restart to take effect." section_name="security"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SystemCommandPaths"  default="/usr/local/bin /usr/bin /bin /usr/sbin /sbin /usr/sbin" description="Directories that contain system commands, such as tar, wget, and gunzip" section_name="apm"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SystemName"  default="yourdomain Network" description="the name of your system" section_name="system-information"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SystemOwner"  default="webmaster@yourdomain.com" description="who signs the average user-visible pages" section_name="system-information"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="SystemURL"  default="http://yourdomain.com" description="URL to tell users to go to" section_name="system-information"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="UseBackgroundDeliveryP"  default="0" description="Use background delivery for file downloads"/>
            <parameter scope="instance" datatype="string"  min_n_values="1"  max_n_values="1"  name="UseCustomQuestionForPasswordReset"  default="0" description="Does the user get to choose their custom password question and answer" section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="UseEmailForLoginP"  default="1" description="Say 1 if we should login with email instead of username." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="UsePasswordWidgetForUsername"  default="0" description="Should we hide what the user types in the username field, the way we do with the password field? Set this to 1 if you are using sensitive information such as social security number for username." section_name="security"/>
            <parameter scope="instance" datatype="number"  min_n_values="1"  max_n_values="1"  name="SecureSessionCookie"  default="0" description="Set the session cookie as secure. This parameter should only be set, when ALL requests to the site requiring a cookie are over HTTPS." section_name="security"/>
            <parameter scope="instance" datatype="string" min_n_values="1" max_n_values="1"  name="PasswordHashAlgorithm" default="salted-sha1" description="Define the algorithm to be used for computing password hashes; multiple algorithms can be specified in decreasing preference order (example: &#34; argon2-12288-3-1 scram-sha-256 scrypt-16384-8-1 salted-sha1&#34;; default: &#34;salted-sha1&#34;; values are specified without quotes). Potential values: argon2-12288-3-1 argon2-rfc9106-high-mem argon2-rfc9106-low-mem salted-sha1 scram-sha-256 scrypt-16384-8-1" section_name="security"/>
        </parameters>

    </version>
</package>