On Tue, Jul 18, 2017 at 05:35:07PM +1000, Brian May wrote:
> Does the attached patch look good to you?

Yes, that's exactly what I had in mind. Tested here and looks fine.
Changelog typo: "explicity". Guessing you already spotted it.
The path would also need updating in the heimdal-kdc/password debconf
template.

> Do you consider this a security issue? Do we need to investigate fixes
> for Wheezy, Jessie, and Stretch (depending on when this bug was first
> introduced)?

I would guess it's worth getting the security team's opinion on.
Problem is, fixing the postinst doesn't help existing installs. A NEWS
entry explaining the impact and how to introduce an mkey to an existing
install might be more valuable than the actual postinst fix.
(I've been through a similar exercise with openldap in #761406.)
thanks,
Ryan