Package: wnpp Severity: normal I originally packaged this module as it was being used by one of my clients in a project, but they've switched to using libapache2-mod-auth-kerb instead, so I no longer have access to an environment where I can test the package, which means I can't usefully maintain it.
I've been wondering whether to request removal instead of orphaning, as NTLM is not very secure by modern standards, as the package description warns: If you're considering using this module, you should be aware that NTLM isn't regarded as very secure by modern standards - even Microsoft no longer recommends its use - and where possible, you probably want to use Kerberos with negotiate auth over https instead (see Debian package libapache2-mod-auth-kerb). AIUI negotiate auth over http (rather than https) suffers from connection hijack issues, but I don't know how it compares in overall security terms with NTLM if you aren't able to use https. So I'm going to just orphan for now. Cheers, Olly
signature.asc
Description: PGP signature