Your message dated Tue, 05 Mar 2019 00:53:02 +0000 with message-id <e1h0ykm-0007to...@fasolo.debian.org> and subject line Bug#923739: Removed package(s) from unstable has caused the Debian Bug report #810285, regarding O: apache-mod-auth-ntlm-winbind -- apache2 module for NTLM authentication against Winbind to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 810285: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810285 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: wnpp Severity: normal I originally packaged this module as it was being used by one of my clients in a project, but they've switched to using libapache2-mod-auth-kerb instead, so I no longer have access to an environment where I can test the package, which means I can't usefully maintain it. I've been wondering whether to request removal instead of orphaning, as NTLM is not very secure by modern standards, as the package description warns: If you're considering using this module, you should be aware that NTLM isn't regarded as very secure by modern standards - even Microsoft no longer recommends its use - and where possible, you probably want to use Kerberos with negotiate auth over https instead (see Debian package libapache2-mod-auth-kerb). AIUI negotiate auth over http (rather than https) suffers from connection hijack issues, but I don't know how it compares in overall security terms with NTLM if you aren't able to use https. So I'm going to just orphan for now. Cheers, Olly
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---Version: 0.0.0.lorikeet+svn+801-4+rm Dear submitter, as the package apache-mod-auth-ntlm-winbind has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/923739 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
