[Bug 1576812] Re: [MIR] ipmitool
** Tags removed: server-todo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
With the ipmi* support in some of the HA components it might be time to re-evaluate it. ** Tags added: server-todo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
Back to incomplete for a re-eval but only after known CVEs and improvements (1.8.19) are released. ** Changed in: ipmitool (Ubuntu) Status: Won't Fix => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
FYI - CVE open and not (yet) released 1.8.19 https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-5208.html ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-5208 ** Tags removed: server-triage-discuss yakkety -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
** Tags added: server-triage-discuss -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
It's a bit hard to follow the issue but I have the impression quite a lot of work has been done on upstream ipmitool. It'd probably be worth revisiting. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
FYI - someone tried upstream, but it wasn't merged https://github.com/ipmitool/ipmitool/issues/13 This effort would need to be re-started and driven to completion. ** Bug watch added: github.com/ipmitool/ipmitool/issues #13 https://github.com/ipmitool/ipmitool/issues/13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
This bug was fixed in the package cluster-glue - 1.0.12-5ubuntu2 --- cluster-glue (1.0.12-5ubuntu2) zesty; urgency=medium * Drop ipmitool to Suggests, as it's only referenced in one plugin where the code already checks and warns if it's not installed (LP: #1576812) -- Adam ConradMon, 10 Apr 2017 02:58:13 -0600 ** Changed in: cluster-glue (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
** Also affects: cluster-glue (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cluster-glue/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
** Changed in: ipmitool (Ubuntu) Status: New => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
After considering the long list of compiler warnings: Security team NAK for promoting ipmitool to main. It's simply speaking too risky for our team to take on in a formal capacity. Feel free to consider re-opening if upstream drastically reduces the compiler warnings. Thanks ** Changed in: ipmitool (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
On the one hand, ipmi usually works on segregated networks because the implementation of ipmi on baseband controllers and NICs are usually pretty poor, so the risks may be limited. On the other hand, the compilation warnings are telling a story of a project that might have been Good Enough fifteen years ago, but looks unloved today. Ideally we wouldn't promote this to main until someone cleans up the warnings. The compiler is giving hundreds of concrete suggestions to improve the code quality. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
The compilation logs are extremely messy. Of these warnings, 90% are security-relevant. This is much worse than usual. Thanks ** Attachment added: "log.txt" https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+attachment/4759689/+files/log.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
Probably the md5.c results from cppcheck are false positives. I haven't looked. Even with those discounted, it's noisier than usual. ** Attachment added: "cppcheck.txt" https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+attachment/4759688/+files/cppcheck.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
** Changed in: ipmitool (Ubuntu) Assignee: Jamie Strandboge (jdstrand) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
It's probably worth noting (on this oddly-stalled MIR...) that, despite ipmitool being in universe, it would be a complete lie to claim that Canonical doesn't already support it. We've patched it quite heavily here and there for both paying customer and community bugs, we use it quite heavily internally, and recommend it often externally. The part where it's managed to continue living in universe is really just a side- effect of none of its dependencies making it to main until now, not an explicit statement of support. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
** Changed in: ipmitool (Ubuntu) Assignee: Ubuntu Server Team (ubuntu-server) => Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1576812] Re: [MIR] ipmitool
** Description changed: + Availability: ipmitool is in universe in Precise, Trusty and Xenial. + + Rationale: ipmitool is a new Recommends of cluster-glue, which is in + Main. Additionally, ipmitool is a reasonably common program for systems + management, and it makes some sense for it to be in Main. + + Security: The security history for the ipmitool package is fairly quiet. + + Reviewing CVEs for ipmitool, I found only one relevant one: + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4339 which was + fixed in Debian. + + ipmitool installs one binary to /usr/sbin: + + /usr/sbin/ipmievd + + and one corresponding service: + + /etc/init.d/ipmievd + /lib/systemd/system/ipmievd.service + + ipmievd itself is a logging daemon that transfer logs from a BMC to + syslog and seems like a low exposure (accounting for the afore-mentioned + CVE). + + Quality assurance: + + Installation of ipmitool results in an immediately working package. + Site-specific options for accessing a BMC may be necessary, but are + documented in the man-page. + + No debconf questions are asked during installation. + + https://bugs.launchpad.net/ubuntu/+source/ipmitool indicates no + outstanding long-term bugs exist for ipmitool. + + Debian's bug tracker implies no significant bugs exist, excepting possibly related to whether ipmievd should start by default (due to dependencies on particular kernel modules). + https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=ipmitool + + The upstream bug tracker + https://sourceforge.net/p/ipmitool/bugs/?source=navbar mostly contains + feature requests. + + ipmitool is well-maintained in Debian and Ubuntu. + + ipmitool does not ship a test suite; any test suite it shipped would + also have strict hardware dependencies, I think. + + ipmitool uses a debian/watch file and uscan/uupdate function currently. + + I am not sure that the end-user application (ipmitool itself) has been + internationalized yet. Nor does there appear to be a desktop file, but + ipmitool would primarily be used on servers. + + Dependencies: + + All build and binary dependencies (including Recommends:) are + satisfyable in main. + + Standards compliance: The package meets the FHS and Debian Policy + standards. + + Maintenance: The Ubuntu Server team will maintain this package. + + Background information: + + The package descriptions correctly explain the general purpose and + context of the package. + + == Original report == + cluster-glue has added a recommends: against ipmitool, currently in universe. This looks to me like a reasonable thing to have in main, but needs to go through the MIR process. cluster-glue is owned by the server team. ** Changed in: ipmitool (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1576812 Title: [MIR] ipmitool To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1576812/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs