FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 11-26-2007, 07:04 PM
"Aaron Griffin"
 
Default Moving heimdal to core

I'd like to move heimdal to core/lib. This gives us kerberos libs in
core, and will close out this bug:

http://bugs.archlinux.org/task/8373


Any problems with this?

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 03:35 PM
"Aaron Griffin"
 
Default Moving heimdal to core

On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> I'd like to move heimdal to core/lib. This gives us kerberos libs in
> core, and will close out this bug:
>
> http://bugs.archlinux.org/task/8373
>
>
> Any problems with this?

One last poke here - I'm going to do this in a few hours if no one has an issue.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 04:16 PM
eliott
 
Default Moving heimdal to core

On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> > I'd like to move heimdal to core/lib. This gives us kerberos libs in
> > core, and will close out this bug:
> >
> > http://bugs.archlinux.org/task/8373
> >
> >
> > Any problems with this?
>
> One last poke here - I'm going to do this in a few hours if no one has an issue.

I am actually against it, based on the dialog in the bug ticket..
Is this patch not included upstream, as the ticket mentioned? If that
is the case, and considering the extreme sensitivity of ssh in
general, I think we should as close to upstream as possible.

I venture a bet that not many people use kerberos'd ssh too. I guess I
don't see why somebody couldn't build their own ssh package with the
kerberos patches.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 05:28 PM
"Aaron Griffin"
 
Default Moving heimdal to core

On Nov 27, 2007 11:16 AM, eliott <eliott@cactuswax.net> wrote:
> I am actually against it, based on the dialog in the bug ticket..
> Is this patch not included upstream, as the ticket mentioned? If that
> is the case, and considering the extreme sensitivity of ssh in
> general, I think we should as close to upstream as possible.

The patch is secondary. openssh supports kerberos and thus heimdal
without any patches.

> I venture a bet that not many people use kerberos'd ssh too. I guess I
> don't see why somebody couldn't build their own ssh package with the
> kerberos patches.

True, but it's really just a configure flag, and Jan uses it, which
weighs a lot.

Either way, I didnt really want to question that specific bug there,
but wanted to question moving heimdal to core - kerberos support libs
in our core repository sounds reasonable to me

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 05:51 PM
eliott
 
Default Moving heimdal to core

> Either way, I didnt really want to question that specific bug there,
> but wanted to question moving heimdal to core - kerberos support libs
> in our core repository sounds reasonable to me

Yeah. I guess I don't see a problem with it (the heimdal package) being in core.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 07:35 PM
Paul Mattal
 
Default Moving heimdal to core

eliott wrote:
> On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>> core, and will close out this bug:
>>>
>>> http://bugs.archlinux.org/task/8373
>>>
>>>
>>> Any problems with this?
>> One last poke here - I'm going to do this in a few hours if no one has an issue.
>
> I am actually against it, based on the dialog in the bug ticket..
> Is this patch not included upstream, as the ticket mentioned? If that
> is the case, and considering the extreme sensitivity of ssh in
> general, I think we should as close to upstream as possible.
>
> I venture a bet that not many people use kerberos'd ssh too. I guess I
> don't see why somebody couldn't build their own ssh package with the
> kerberos patches.

I agree that the security of ssh is of paramount importance, but
also recognize that the kerberos patches might be necessary for some.

Has anyone looked critically at the patches and have anything at all
to say about what security risks they may present? If not, I think I
agree with elliott, we should not include them.

- P

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 07:38 PM
"Aaron Griffin"
 
Default Moving heimdal to core

On Nov 27, 2007 2:35 PM, Paul Mattal <paul@mattal.com> wrote:
> Has anyone looked critically at the patches and have anything at all
> to say about what security risks they may present? If not, I think I
> agree with elliott, we should not include them.

They are included in debian, ubuntu, and solaris all use this patch on
their default, stable, openssh package. That's enough critical review
for me.

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-27-2007, 07:39 PM
Paul Mattal
 
Default Moving heimdal to core

Paul Mattal wrote:
> eliott wrote:
>> On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>>> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>>>> I'd like to move heimdal to core/lib. This gives us kerberos libs in
>>>> core, and will close out this bug:
>>>>
>>>> http://bugs.archlinux.org/task/8373
>>>>
>>>>
>>>> Any problems with this?
>>> One last poke here - I'm going to do this in a few hours if no one has an issue.
>> I am actually against it, based on the dialog in the bug ticket..
>> Is this patch not included upstream, as the ticket mentioned? If that
>> is the case, and considering the extreme sensitivity of ssh in
>> general, I think we should as close to upstream as possible.
>>
>> I venture a bet that not many people use kerberos'd ssh too. I guess I
>> don't see why somebody couldn't build their own ssh package with the
>> kerberos patches.
>
> I agree that the security of ssh is of paramount importance, but
> also recognize that the kerberos patches might be necessary for some.
>
> Has anyone looked critically at the patches and have anything at all
> to say about what security risks they may present? If not, I think I
> agree with elliott, we should not include them.

Sorry, I think I crossed with another message on this topic which I
should have read first.

If this is just a compile-time flag already fully supported by
openssh upstream, I'm for it.

- P

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-28-2007, 06:34 AM
"Aaron Griffin"
 
Default Moving heimdal to core

On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> I'd like to move heimdal to core/lib. This gives us kerberos libs in
> core, and will close out this bug:

Ok, I moved it in CVS, so it's there.

I'm just going to move the existing package without a verbump, from
extra to core, as that shouldn't cause any issues.

Still, I took a look at the heimdal PKGBUILD for the very first time -
yeesh, is all that still needed? Do we really need to uninstall
heimdal and build twice? Can someone take a crack at possibly
simplifying that one?

_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 
Old 11-28-2007, 06:36 AM
Tobias Powalowski
 
Default Moving heimdal to core

Am Mittwoch, 28. November 2007 schrieb Aaron Griffin:
> On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> > I'd like to move heimdal to core/lib. This gives us kerberos libs in
> > core, and will close out this bug:
>
> Ok, I moved it in CVS, so it's there.
>
> I'm just going to move the existing package without a verbump, from
> extra to core, as that shouldn't cause any issues.
>
> Still, I took a look at the heimdal PKGBUILD for the very first time -
> yeesh, is all that still needed? Do we really need to uninstall
> heimdal and build twice? Can someone take a crack at possibly
> simplifying that one?
>
> _______________________________________________
> arch-dev-public mailing list
> arch-dev-public@archlinux.org
> http://archlinux.org/mailman/listinfo/arch-dev-public

well i ran into this on linuxtag 2007 and it causes weird recompile issues if
you don't do so.
greetings
tpowa

--
Tobias Powalowski
Archlinux Developer & Package Maintainer (tpowa)
http://www.archlinux.org
tpowa@archlinux.org
_______________________________________________
arch-dev-public mailing list
arch-dev-public@archlinux.org
http://archlinux.org/mailman/listinfo/arch-dev-public
 

Thread Tools




All times are GMT. The time now is 03:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org