** Tags removed: server-triage-discuss
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage notifications about this bug go to:
** Changed in: libssh2 (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage
The nmap seed change is only in a few hours the demotion hasn't taken place yet.
So it will be a few more hours ... but then should appear in the archive as
planned.
For curl the delta to convert it to libssh seems to do fine.
And we have no other package needing it right now.
So yes, lets mark
Christian, thanks so much for the discussion. Should we now set this MIR
bug to Invalid?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage notifications
After the discussion with the Team the consensus was for nmap to demote it from
main.
It isn't needed on install media nor is is a core part of any solution - so
there is no hard reason to be in main.
The tool can continued to be used as-is from the universe repo.
=>
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu-seeds/+git/ubuntu/+merge/376744
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage
Hi Seth,
thanks for your reply on this long ongoing discussion.
Looking back it seems while the two libs are alternatives to each other things
slowly tend to lean more towards libssh, so less reasons than int he past to
promote it IMHO.
You brought up something interesting with nmap...
#
Christian, I'm currently thinking we may be better served by:
- unseeding nmap from ubuntu-server (daily)
- removing nmap libssh2 vendored code and linking against the version in the
archive
- keeping our delta in curl to use libssh
What do you think? Does the server team still need nmap
Hi Christian, sorry for the inconvenience, I meant Chris Coulson; he
reviewed libssh2 earlier and found issues for upstream to address.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Hi Seth,
do you mean me or "Chris Coulson" who is also subscribed?
If you meant me: As I said in comment #18, the reason to promote it for qemu is
gone (that was my motivation to participate here), but curl/nmap would still
benefit.
There are no further updates to this from my side.
--
You
Chris, do you recall if upstream responded sufficiently to your
findings? If they did, can you report back whether or not this package
should be promoted to main?
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
FYI: qemu switched to libssh, so we don't need it for that anymore.
Bu tunless it changed as Matthias outlined curl and nmap would still benefit.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
FYI: qemu would be able to drop one delta as well, not too important for
our users but nice to have (ssh to remote disks).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
security team, please could you re-review this. There seem to be now at
least two users in main: curl and nmap
** Changed in: libssh2 (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Ubuntu Security Team
(ubuntu-security)
--
You received this bug notification because you are a member of
Ping? nmap is blocked by this, it has always been using its embedded
libssh2, and now it has moved to the system one.
I don't want to use embedded libssh2 libraries
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: libssh2 (Ubuntu)
Assignee: (unassigned) => Jamie Strandboge (jdstrand)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage notifications about
** Changed in: libssh2 (Ubuntu)
Assignee: Adam Conrad (adconrad) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage notifications about this
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libssh2 (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
Hey, we'd really like it if the packaged version of curl supported sftp,
it is unexpected from an end user standpoint when it doesn't, especially
given that the man page specifically says so:
curl is a tool to transfer data from or to a server, using one of the
supported protocols (DICT, FILE,
It's been a month since I reopened this MIR, and no apparent activity.
@adconrad - Have you noticed anything else besides the possible problems
Kees Cook identified and I've submitted patches for? Are there any other
reasons why this package could not go into main? LP #311029 depends on
this
** Changed in: libssh2 (Ubuntu)
Assignee: (unassigned) = Adam Conrad (adconrad)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
To manage notifications about this
This MIR expired without a decision being made. But since a project I'm
working on needs bug #311029 to be fixed, and #311029 is in turned
blocked by this MIR, I'm reopening the MIR to hopefully make some
progress on it.
** Changed in: libssh2 (Ubuntu)
Status: Expired = New
--
You
One of the concernes that Kees Cook raised over this MIR was the
compile-time warnings about ignored return values. While those only
appear in example code and not in actual library code, it's always best
to heed the warnings the compiler gives. I've written a patch to fix the
compile-time
The other concern was that the upstream tests should actually run at
build time. This patch addresses that concern.
** Patch added: run-tests-during-build.patch
https://bugs.launchpad.net/ubuntu/+source/libssh2/+bug/681423/+attachment/3463522/+files/run-tests-during-build.patch
--
You
[Expired for libssh2 (Ubuntu) because there has been no activity for 60
days.]
** Changed in: libssh2 (Ubuntu)
Status: Incomplete = Expired
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Those warnings are from the example code, not from code that is used in
the actual library. Upstream will still appreciate a patch to fix them
of course.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I'd like to see a few things fixed up before this goes into main:
- build-time FORTIFY_SOURCE warnings should be appropriately fixed, for example:
sftp.c: In function 'kbd_callback':
sftp.c:78: warning: ignoring return value of 'fgets', declared with attribute
warn_unused_result
sftp.c: In
** Changed in: libssh2 (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/681423
Title:
[MIR] libssh2
--
ubuntu-bugs mailing list
I detect some agressivenes from Andreas Schneider here and also at bug #492931
he claims FUD, but could you please clarify where this FUD is?
Please do so in your blog and not here. This is a bug tracker and no place for
personal vendettas.
I do want to understand the situation as to where
There are two libraries which implement the SSH protocol. Both are well
maintained and under active development. Developers prefer one or the
other, cause they have different feature sets. There is no reason to
replace libssh cause of that page. curl uses libssh2 and other
applications are using
libssh2 should be included in the distribution, but you should stop
forcing people to choose the libraries they want to use to develop
applications.
--
[MIR] libssh2
https://bugs.launchpad.net/bugs/681423
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Hi,
does this mean you want to rewrite kio_sftp and maintain it in future
cause you believe the FUD written down at http://www.libssh2.org/libssh2
-vs-libssh.html ?
--
[MIR] libssh2
https://bugs.launchpad.net/bugs/681423
You received this bug notification because you are a member of Ubuntu
** Description changed:
- Rationale:
- * moving this to main would resolve lp bug #311029
- * its a (optional) dependency for curl, already in main
- * it replaces libssh (already in main), have more features and being active
developed; see feature comparison:
I believe the comments in the libssh MIR are relevant here: bug 492931
--
[MIR] libssh2
https://bugs.launchpad.net/bugs/681423
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
34 matches
Mail list logo