Hello! On Mon, Dec 07, 2020 at 11:52:32AM +0100, Laurent Bigonville wrote: > Hello all, [...] > Strong password hashing is one thing, but src:pam now FTBFS [....] should > be fixed in 1.4.0 > > So IMVHO, we need to update to at least 1.4.0 at least before the release.
Thanks for your input. I wasn't aware that there's now a FTBFS to consider as well. I just want to be clear that *I* will most likely not pursue the actual upload of my previously proposed NMU (before the release, and possibly never) even though I think *someone* should! (This is purely based on my lack of motivation and time to dedicate to handle the possible fallout. Additionally we're getting very close to freeze which adds to me not not being able to muster the needed energy.) At this stage it might be useful to reach out and get an ACK from the release team before uploading. For the record: It's been a while since I looked into things but to my knowledge there are no issues with the NMU I prepared in my forked git repo[1]. (Things might have changed in related components in debian since, so possible additional tweaks might be needed.) A second pair of eyes reviewing the changes would be great though. Upstream has released even newer releases, 1.5.0 etc, but there modules that where deprecated in 1.4.0 (which my NMU just reenabled again) has now actually been removed. I thus suggest that whoever pursues updating pam in Debian starts with getting 1.4.0 in, then at a later point try to work out a long-term plan for the deprecated modules with who-ever is motivated to do the long-term maintenance of pam in Debian. Regards, Andreas Henriksson [1]: https://salsa.debian.org/ah/pam
