>>>>> "Javier" == Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> writes:
Javier> On Thu, Mar 24, 2005 at 08:49:01PM -0500, Sam Hartman
Javier> wrote:
>> severity 300775 wishlist tags 300775 -security
Javier> ^^^^^^^^^^^^^^^^^^^^^ Why this? PAM 0.76 is indeed
Javier> vulnerable to the issues fixed in 0.78
Someone pointed out in mail to this bug that Debian is not vulnerable
to these issues because of local patches.
>> Hi. I've explicitly decided not to upgrade PAM for sarge. I
>> had also decided when 0.77 came out that I didn't see a good
>> reason to take it. Taking a new pam release is a painful
>> process.
Javier> Yes, it might be painful, but fixing bugs is also
Javier> important and these releases are primarily bug-fix
Javier> releases.
>> That said, I'm looking for people to help with PAM. Would you
>> be interested? Are you familiar with pam enough to help try
>> and merge in a new release?
Javier> I can help out, I am not extremely familiar with PAM but
Javier> wouldn't mind jumping in and helping you with this
Javier> release. Since sarge's base is frozen maybe an upload to
Javier> experimental with 0.78 plus patches would be best right
Javier> now and have it move into sid as soon as sarge is
PAM is maintained in a subversion repository on alioth. I can give
you write access to that repository if you're sufficiently familiar
with subversion etc.
I'd recommend importing PAM 0.78's upstream and then looking at each
of the debian local patches and seeing whether they should be
maintained, dropped or modified.
