Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   ArchLinux Development (http://www.linux-archive.org/archlinux-development/)
-   -   Moving heimdal to core (http://www.linux-archive.org/archlinux-development/5665-moving-heimdal-core.html)

"Aaron Griffin" 11-26-2007 07:04 PM

Moving heimdal to core
 
I'd like to move heimdal to core/lib. This gives us kerberos libs in
core, and will close out this bug:

http://bugs.archlinux.org/task/8373


Any problems with this?

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

"Aaron Griffin" 11-27-2007 03:35 PM

Moving heimdal to core
 
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> I'd like to move heimdal to core/lib. This gives us kerberos libs in
> core, and will close out this bug:
>
> http://bugs.archlinux.org/task/8373
>
>
> Any problems with this?

One last poke here - I'm going to do this in a few hours if no one has an issue.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

eliott 11-27-2007 04:16 PM

Moving heimdal to core
 
On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> > I'd like to move heimdal to core/lib. This gives us kerberos libs in
> > core, and will close out this bug:
> >
> > http://bugs.archlinux.org/task/8373
> >
> >
> > Any problems with this?
>
> One last poke here - I'm going to do this in a few hours if no one has an issue.

I am actually against it, based on the dialog in the bug ticket..
Is this patch not included upstream, as the ticket mentioned? If that
is the case, and considering the extreme sensitivity of ssh in
general, I think we should as close to upstream as possible.

I venture a bet that not many people use kerberos'd ssh too. I guess I
don't see why somebody couldn't build their own ssh package with the
kerberos patches.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

"Aaron Griffin" 11-27-2007 05:28 PM

Moving heimdal to core
 
On Nov 27, 2007 11:16 AM, eliott <eliott@cactuswax.net> wrote:
> I am actually against it, based on the dialog in the bug ticket..
> Is this patch not included upstream, as the ticket mentioned? If that
> is the case, and considering the extreme sensitivity of ssh in
> general, I think we should as close to upstream as possible.

The patch is secondary. openssh supports kerberos and thus heimdal
without any patches.

> I venture a bet that not many people use kerberos'd ssh too. I guess I
> don't see why somebody couldn't build their own ssh package with the
> kerberos patches.

True, but it's really just a configure flag, and Jan uses it, which
weighs a lot.

Either way, I didnt really want to question that specific bug there,
but wanted to question moving heimdal to core - kerberos support libs
in our core repository sounds reasonable to me

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

eliott 11-27-2007 05:51 PM

Moving heimdal to core
 
> Either way, I didnt really want to question that specific bug there,
> but wanted to question moving heimdal to core - kerberos support libs
> in our core repository sounds reasonable to me

Yeah. I guess I don't see a problem with it (the heimdal package) being in core.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

Paul Mattal 11-27-2007 07:35 PM

Moving heimdal to core
 
eliott wrote:
> On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>> core, and will close out this bug:
>>>
>>> http://bugs.archlinux.org/task/8373
>>>
>>>
>>> Any problems with this?
>> One last poke here - I'm going to do this in a few hours if no one has an issue.
>
> I am actually against it, based on the dialog in the bug ticket..
> Is this patch not included upstream, as the ticket mentioned? If that
> is the case, and considering the extreme sensitivity of ssh in
> general, I think we should as close to upstream as possible.
>
> I venture a bet that not many people use kerberos'd ssh too. I guess I
> don't see why somebody couldn't build their own ssh package with the
> kerberos patches.

I agree that the security of ssh is of paramount importance, but
also recognize that the kerberos patches might be necessary for some.

Has anyone looked critically at the patches and have anything at all
to say about what security risks they may present? If not, I think I
agree with elliott, we should not include them.

- P

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

"Aaron Griffin" 11-27-2007 07:38 PM

Moving heimdal to core
 
On Nov 27, 2007 2:35 PM, Paul Mattal <paul@mattal.com> wrote:
> Has anyone looked critically at the patches and have anything at all
> to say about what security risks they may present? If not, I think I
> agree with elliott, we should not include them.

They are included in debian, ubuntu, and solaris all use this patch on
their default, stable, openssh package. That's enough critical review
for me.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

Paul Mattal 11-27-2007 07:39 PM

Moving heimdal to core
 
Paul Mattal wrote:
> eliott wrote:
>> On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>>> core, and will close out this bug:
>>>>
>>>> http://bugs.archlinux.org/task/8373
>>>>
>>>>
>>>> Any problems with this?
>>> One last poke here - I'm going to do this in a few hours if no one has an issue.
>> I am actually against it, based on the dialog in the bug ticket..
>> Is this patch not included upstream, as the ticket mentioned? If that
>> is the case, and considering the extreme sensitivity of ssh in
>> general, I think we should as close to upstream as possible.
>>
>> I venture a bet that not many people use kerberos'd ssh too. I guess I
>> don't see why somebody couldn't build their own ssh package with the
>> kerberos patches.
>
> I agree that the security of ssh is of paramount importance, but
> also recognize that the kerberos patches might be necessary for some.
>
> Has anyone looked critically at the patches and have anything at all
> to say about what security risks they may present? If not, I think I
> agree with elliott, we should not include them.

Sorry, I think I crossed with another message on this topic which I
should have read first.

If this is just a compile-time flag already fully supported by
openssh upstream, I'm for it.

- P

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

"Aaron Griffin" 11-28-2007 06:34 AM

Moving heimdal to core
 
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> I'd like to move heimdal to core/lib. This gives us kerberos libs in
> core, and will close out this bug:

Ok, I moved it in CVS, so it's there.

I'm just going to move the existing package without a verbump, from
extra to core, as that shouldn't cause any issues.

Still, I took a look at the heimdal PKGBUILD for the very first time -
yeesh, is all that still needed? Do we really need to uninstall
heimdal and build twice? Can someone take a crack at possibly
simplifying that one?

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public

Tobias Powalowski 11-28-2007 06:36 AM

Moving heimdal to core
 
Am Mittwoch, 28. November 2007 schrieb Aaron Griffin:
> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> > I'd like to move heimdal to core/lib. This gives us kerberos libs in
> > core, and will close out this bug:
>
> Ok, I moved it in CVS, so it's there.
>
> I'm just going to move the existing package without a verbump, from
> extra to core, as that shouldn't cause any issues.
>
> Still, I took a look at the heimdal PKGBUILD for the very first time -
> yeesh, is all that still needed? Do we really need to uninstall
> heimdal and build twice? Can someone take a crack at possibly
> simplifying that one?
>
> _______________________________________________
> arch-dev-public mailing list
> arch-dev-public@archlinux.org
> http://archlinux.org/mailman/listinfo/arch-dev-public

well i ran into this on linuxtag 2007 and it causes weird recompile issues if
you don't do so.
greetings
tpowa

--
Tobias Powalowski
Archlinux Developer & Package Maintainer (tpowa)
http://www.archlinux.org
tpowa@archlinux.org
_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public


All times are GMT. The time now is 10:52 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.