Bug#1082430: krb5-kdc, krb5-keytab-backend: Permission mismatch for /etc/krb5kdc/

2024-09-24 Thread Sam Hartman
> "Russ" == Russ Allbery writes: Russ> I don't think there are obvious security implications (I think Russ> the permissions are more precautionary, and it's also fairly Russ> unlikely that anyone will have installed krb5-wallet before Russ> krb5-kdc), although Sam, please let m

Bug#1077060: curl: This also applies to PKCS#12

2024-08-27 Thread Sam Hartman
> "Samuel" == Samuel Henrique writes: Samuel> This seems to be the biggest threat to the GnuTLS switch so Samuel> far. Samuel> In the meantime, if any of you could provide an easy Samuel> reproducer, it would save us a bit of time. So, for example with a yubikey with the PIV

Bug#829444: Accepting DEP14?

2024-08-16 Thread Sam Hartman
> "Andreas" == Andreas Tille writes: Andreas> Are there any blockers to accept this DEP which I might Andreas> have missed? Honestly, the git-buildpackage default layout is good enough, and dep-14 involves change that doesn't feel like it brings enough value to me. I.E. I think t

Bug#1078688: Please use filecaps for /usr/sbin/unix_chkpwd instead of setgid shadow

2024-08-14 Thread Sam Hartman
> "Daan" == Daan De Meyer writes: Daan> Dear Maintainer, As described in Daan> https://github.com/linux-pam/linux-pam/pull/373, unix_chkpwd Daan> does not need to be setuid or setgid anymore if it is given Daan> cap_dac_override via filecaps instead. I would like debian to

Bug#1074014: Bug#1073608: Bug#1074014: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

2024-08-07 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> In bullseye and earlier, I guess it works. Helmut> If you start with bullseye or earlier, upgrade to bookworm Helmut> and then to trixie, it continues to work, because the dash Helmut> maintainer scripts preserve any diversion that

Bug#1077764: Ruling request on os-release specification implementation

2024-08-02 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> On Fri, 2 Aug 2024 at 13:00, Simon McVittie wrote: >> >> On Fri, 02 Aug 2024 at 12:19:20 +0100, Luca Boccassi wrote: >> > To further clarify why the status quo with >> VERSION_CODENAME=trixie in > sid is really bad: it used to be

Bug#1074014: encode mandatory merged-/usr into policy

2024-07-26 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> seconds from * Chris Hofstaedtler * Holger Levsen * Jochen Helmut> Sprickerhof * Luca Boccassi * Michael Biebl It was my intent to second as well. I like Russ's proposal too.

Bug#1077060: Regression in switch to gnutls: pkcs11 no longer available

2024-07-25 Thread Sam Hartman
package: curl version: 8.8.0-2 severity: important We have been heavily using curl to make API requests using smartcard authentication. We have a private key and certificate on a Yubikey, and we use curl to perform a pkcs11-authenticated login to get an API token. Unfortunately, according to the

Bug#858970: please add /etc/krb5.conf.d

2024-07-09 Thread Sam Hartman
> "Andreas" == Andreas Hasenack writes: >> And what dependency should a package that wants to use included >> fragments have to ensure that those included fragments are >> loaded? I don't think you can. An administrator might remove the includedir. krb5.conf might be a symlink.

Bug#858970: please add /etc/krb5.conf.d

2024-07-09 Thread Sam Hartman
> "Russ" == Russ Allbery writes: Russ> Andreas Hasenack writes: >> I opened #1074775[1] to backport the heimdal patches that add >> include and includedir support, filed a couple of salsa PRs[2][3] >> with tests, and they were merged. Once there is a new upload of >> heim

Bug#1075813: Krb5: fails to pick up debian configuration

2024-07-05 Thread Sam Hartman
package: krb5-kdc severity: grave version: 1.21.3-2 A typo in version 1.21.3-2 incorrectly interrupts the configure args, among other things causing sysconfdir to be incorrectly set. This breaks krb5-kdc because it does not read /etc/krb5kdc/kdc.conf. Found by CI tests.

Bug#1063648: krb5: FTBFS on arm64, armel and ppc64el with "Can't resolve hostname" in dh_auto_test

2024-07-05 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> Adam (adsb) points out that the test code in Chris> lib/rpc/unit-test/client.c [1] uses code that does not Chris> support IPv6(-only). I.e. gethostbyname for a name that has Chris> no IPv4 address will fail. So, are the builds goi

Bug#1074014: encode mandatory merged-/usr into policy

2024-06-21 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> Questions: 1. Do you agree that policy should be changed? Yes. The TC has effectively set policy here already, and while they did not use their power under 6.1.1 to actually officially set project policy, their position has bee

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

2024-06-14 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> When building krb5 with sbuild, configured to use the unshare Chris> backend, the t_iprop.py test apparently times out without any Chris> output. I'm guessing, but have not confirmed that sbuild unshare is setting up a network namesp

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

2024-06-11 Thread Sam Hartman
control: tags -1 -help +confirmed I reproduced the problem with a podman container with no network. Apparently t_iprop.py hangs if the only network interface is loopback. I'm fairly sure it would work fine only talking to itself if there was a non-127.0.0.1 address for it to use. If I can fix t

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

2024-06-10 Thread Sam Hartman
control: tags -1 +help Chris> Filing with severity: serious as the buildd network has Chris> started switching to sbuild with unshare backend, and Chris> multiple people have reproduced this problem. I'm not running sbuild these days; I'm mostly moving toward containerized builds fo

Bug#1056166: systemd-homed: `passwd` fails

2024-05-26 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> Ah thanks for the pointer to the file, I had missed that Luca> somehow in the first reply. I see it now: the pam-config for Luca> unix.so assumes that if something runs before then everything Luca> is done already. Unfortunately that as

Bug#1056166: systemd-homed: `passwd` fails

2024-05-26 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> https://www.freedesktop.org/software/systemd/man/latest/pam_systemd_home.html It's going to be a long time (a couple of weeks) before I have cycles to actually look at systemd-home rather than to answer questions with my pam hat on without looking

Bug#1056166: systemd-homed: `passwd` fails

2024-05-26 Thread Sam Hartman
Hi. I'm not really swapped in on Debian this weekend; dealing with a transition for day job. But quick thoughts. I'm surprised that systemd-home is a pam auth module. That is, I wouldn't expect systemd-home to be able to decide whether you have presented valid credentials to log in. It may be t

Bug#1037084: bookworm: When using gdm3 to start non-GNOME wayland sessions, PATH may be set differently

2024-05-08 Thread Sam Hartman
> "Santiago" == Santiago Vila writes: Santiago> Hello. My plan for base-files is to stop overriding the Santiago> PATH in /etc/profile. Santiago> Ubuntu did that a long time ago and it's probably the Santiago> right thing to do. I'd be happy to pick up the Ubuntu patch to i

Bug#1070072: RM: moonshot-ui -- ROM; poorly maintained upstream

2024-04-29 Thread Sam Hartman
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot...@packages.debian.org Control: affects -1 + src:moonshot-ui After discussing with upstream, we no longer believe it makes sense to include the moonshot suite in a stable Lin

Bug#1070071: RM: moonshot-gss-eap -- ROM; poorly maintained upstream

2024-04-29 Thread Sam Hartman
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot-gss-...@packages.debian.org Control: affects -1 + src:moonshot-gss-eap After discussing with upstream, we no longer believe it makes sense to include the moonshot suite in a

Bug#1070070: RM: moonshot-trust-router -- ROM; poorly maintained upstream

2024-04-29 Thread Sam Hartman
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot-trust-rou...@packages.debian.org Control: affects -1 + src:moonshot-trust-router After discussing with upstream, we no longer believe it makes sense to include the moonshot s

Bug#1068017: Y2038-safe replacements for utmp/wtmp and lastlog

2024-04-26 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> Fellow Developers, Chris> you are probably aware of the time_t-64bit migration :-) Chris> However, this does not magically transition all data formats to 64bit Chris> times. One such instance is the set of utmp/wtmp and lastlog fi

Bug#1069858: libkrb5-3: krb5.conf seems to ignore rdns = false

2024-04-25 Thread Sam Hartman
> "Lukas" == Lukas Grässlin writes: Lukas> We have a scenario where we need to disable reverse lookups for Lukas> canonicalization in Kerberos as the customer's PTR records are not Lukas> consistent and lead to wrongly requested SPNs otherwise (see Lukas> https://web.mit.e

Bug#1069772: pmbootstrap: description doesn't tell me what the package does

2024-04-24 Thread Sam Hartman
package: pmbootstrap version: 2.2.1-1 severity: minor The description should tell the user what postmarket OS is. That is for example more important than knowing the package uses alpine chroots in determining whether this package is useful to me as a user. --Sam

Bug#1065806: fixed in pam 1.5.3-7

2024-04-09 Thread Sam Hartman
> "Christoph" == Christoph Anton Mitterer writes: Christoph> Hey Sam. Christoph> There's a typo in the NEWS entry: >> this user a group name that differs from the user name or add Christoph> | Christoph> should probably be "use" Thanks, fixed on salsa

Bug#1068017: [Pkg-shadow-devel] Bug#1068017: util-linux: please ship liblastlog2 packages

2024-04-08 Thread Sam Hartman
I've read the wiki page. I'm fine with the proposed approach. I note that by including pam_lastlog2.so in a pam-auth-update configuration, other services (gdm, for example) will include lastlog info. The fact that gdm and other display managers do not include pam_lastlog.so suggests that it's u

Bug#1065806: pam: recent upgrade changes previous default umask

2024-04-08 Thread Sam Hartman
control: clone -1 -2 control: retitle -2 Document pam_umask change in release notes

Bug#1065806: pam: recent upgrade changes previous default umask

2024-04-08 Thread Sam Hartman
> "Professor" == Professor Jeebs writes: Professor> I prefer the way it is handled per user.  There is a related, commented Professor> out, option in /etc/skel/.profile, which lands in new user directories, Professor> which I have never touched the umask part until now.  I unc

Bug#1068192: debian-policy: extended forbidden network access to contrib and non-freeo

2024-04-05 Thread Sam Hartman
> "Aurelien" == Aurelien Jarno writes: Aurelien> If we go that route, here is a proposed alternative patch: Aurelien> --- a/policy/ch-source.rst Aurelien> +++ b/policy/ch-source.rst Aurelien> @@ -338,7 +338,8 @@ Aurelien> For example, the build target should pass ``--di

Bug#1067079: Clarify that policy on a technology does not implicitly mandate that technology

2024-03-26 Thread Sam Hartman
> "Josh" == Josh Triplett writes: I tend to agree with Sean that your rationale is not convincing. It sounds like you want to use policy as a stick to hit people over the head and say "policy is not a stick." I get the impression that you are trying to shift the status quo somehow, and re

Bug#1066979: common-auth: sudo should not have incorrect password delay

2024-03-17 Thread Sam Hartman
> "Tim" == Tim Hutt writes: Tim> By default, on Debian and derivatives, `sudo` has a ~2 second Tim> delay for incorrect password attempts. This serves no security Tim> purpose whatsoever and merely annoys the user. It's not obvious to me that it serves no security purpose. Why can

Bug#1065702: krb5-kdc: uninstallable due to hard-coded dependency on libverto-libev1 | libverto-libevent1,

2024-03-09 Thread Sam Hartman
> "Steve" == Steve Langasek writes: Steve> Hi Sam, Steve> I've run into a problem with openldap not being Steve> bootstrappable for the time_t transition because it Steve> build-depends on krb5-kdc, and krb5-kdc is uninstallable on Steve> arm* because of a hard-coded dep

Bug#1065170: tech-ctte: Requesting advice on glib2.0 #1065022, file deletion by postrm during t64 transition

2024-03-04 Thread Sam Hartman
> "Matthew" == Matthew Garrett writes: Matthew> I agree with the conclusions drawn here, but feel that it's Matthew> possibly worth making a stronger general statement that Matthew> policy should never prevent the implementation of a Matthew> well-considered simple solution. I

Bug#1065170: tech-ctte: Requesting advice on glib2.0 #1065022, file deletion by postrm during t64 transition

2024-03-01 Thread Sam Hartman
Are there solutions in the space of having glib2.0-0 continue to exist as a package depended on by glib2.0-0t64 or depending on the new library allowing you to replace the postrm? That might create a space in time where glib2.0-0.so does not exist, but we probably have more flexibility there than

Bug#1065017: unuser: error while loading shared libraries: libpam.so.0

2024-02-29 Thread Sam Hartman
> "Christoph" == Christoph Anton Mitterer writes: Christoph> Do you happen to know whether there's anything needed in Christoph> terms of clean up for people who had already upgraded Christoph> now? Like manually doing whatever was done via the Christoph> runuser? I think that

Bug#1065088: pam 1.5.3-5 not suitable because pam_userdb is missing

2024-02-29 Thread Sam Hartman
package: pam version: 1.5.3-5 severity: serious This version of pam drops pam_userdb which can break systems that use pam_userdb in their configuration. Long term we do want to split it out and possibly drop. However, this change is purely for the time_t transition and will be reverted. This ve

Bug#1065064: libpam-doc: doc-base reports missing files

2024-02-29 Thread Sam Hartman
> "Colin" == Colin Watson writes: Colin> in those doc-base files but are in fact missing. I don't Colin> know whether this is intentional (in which case the doc-base Colin> registrations should be removed to match), or an accidental Colin> build issue that should be fixed. I

Bug#1065017: unuser: error while loading shared libraries: libpam.so.0

2024-02-29 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> I believe pam will have to be reverted and implemented as Helmut> dual ABI instead. I'm not very comfortable with this approach. The tentative patch did not fill me with confidence; my gut is that it was not as robust as an approach that li

Bug#1065011: libpam0t64 competes for libpam.so.0 symlink against libpam0g (breaks debootstrap)

2024-02-28 Thread Sam Hartman
I wanted to briefly summarize an irc conversation we had on #debian-devel for anyone reading this bug. In general, we want to get rid of libpam0g as soon as possible, because you cannot have both libpam0g and libpam0t64 installed at the same time. Steve is working on a series of NMUs to make tha

Bug#1064454: debian-policy: Restrict deb822 field names more

2024-02-22 Thread Sam Hartman
> "Niels" == Niels Thykier writes: Niels> Simon Josefsson: >> Would it make sense to change this to use an inclusive list of >> permitted characters instead? How about checking the field names >> that is in use today, and construct a regexp of permitted symbols >> out of

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

2024-02-22 Thread Sam Hartman
> "Sean" == Sean Whitton writes: Sean> In general, I agree with Santiago. I find Policy's current Sean> scope and working process effective, and not especially Sean> ambiguous. I think everyone should read it during the NM Sean> process, if not sooner. Sean> Russ has con

Bug#1060700: Requesting advice regarding the impact of problems caused by aliasing on declared Conflicts

2024-02-20 Thread Sam Hartman
> "Matthew" == Matthew Vernon writes: Matthew> This continues to make me worry we are not on the path of Matthew> robust engineering. But I appreciate I'm in a very small Matthew> minority in that regard. I want to second the above. I do still believe that the way forward is throu

Bug#1036884: 64-bit time_t: updated archive analysis, proposed transition plan with timeline

2024-02-13 Thread Sam Hartman
> "Ansgar" == Ansgar writes: Ansgar> As far as I understand this approach will break any consumer Ansgar> on a library whose ABI changes to to the ABI changes Ansgar> introduced here unless the consumer is built with the flags Ansgar> from `dpkg-buildflags` (which would now

Bug#1063648: krb5: FTBFS on arm64, armel and ppc64el with "Can't resolve hostname" in dh_auto_test

2024-02-12 Thread Sam Hartman
> "Simon" == Simon McVittie writes: Simon> It might be relevant that according to #972151, arm-conova-03 Simon> (and perhaps other *-conova-* buildds?) is IPv6-only, with no Simon> IPv4 addresses or routes other than loopback (not even via Simon> NAT). Simon> I believe th

Bug#1063329: libselinux1t64: breaks system in upgrade from unstable

2024-02-08 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> pam seems difficult: | extern time_t Helmut> pam_misc_conv_warn_time; /* time that we should warn user */ Helmut> | extern time_t pam_misc_conv_die_time; /* cut-off time for Helmut> input */ Helmut> We cannot symbol-version thes

Bug#1062802: libpam0t64: file loss during upgrade due to /usr-move DEP17

2024-02-05 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> pam also runs in to /usr-move breakage. This one looks FYI, I have some time scheduled to deal with this tomorrow morning US/Mountain (late in the day for Europe).

Bug#1062210: libpam-runtime: pam-auth-update doesn't allow user-ordering of modules

2024-01-31 Thread Sam Hartman
control: severity -1 wishlist control: tags -1 help > "Philip" == Philip Prindeville writes: Philip> Package: libpam-runtime Version: 1.4.0-11ubuntu2.3 Severity: Philip> important Philip> Dear Maintainer, Philip> We were trying to configure PAM authentication to use LDAP,

Bug#1061280: sysvinit crashes podman container on install

2024-01-21 Thread Sam Hartman
package: sysvinit-core: version: 3.08-5 severity: important justification: breaks unrelated software in uncommon environment I was curious about a discussion on debian-devel, so I tried to install sysvinit and wdm at the same time. I tried: podman run --rm -ti debian:unstable apt update apt insta

Bug#1060700: Requesting advice regarding the impact of problems caused by aliasing on declared Conflicts

2024-01-17 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> Package: tech-ctte Given our discussion at the last CTTE Helmut> meeting, I am turning my request for advice into a formal Helmut> one. Helmut> Most of the /usr-move that is happening via DEP17 seems to Helmut> be working out, b

Bug#1057775: [INTL:sv] Swedish strings for pam debconf

2024-01-15 Thread Sam Hartman
> "Anders" == Anders Jonsson writes: Anders> Hi Martin, one change in this one (fixed spelling of Anders> "användare"). I don't think you attached a .po file.

Bug#1060034: ITP: python-openai -- OpenAI Python API library

2024-01-05 Thread Sam Hartman
> "Mo" == Mo Zhou writes: Mo> On 1/5/24 11:45, Ansgar wrote: >> Then the package should be in main. >> >> We do not require external software to be free as well, be that >> Web APIs provided by Github, Twitter, or the NVidia firmware >> required for Nouveau, microcode

Bug#1057199: debian-policy: express more clearly that Conflicts to not reliably prevent concurrent unpacks

2024-01-03 Thread Sam Hartman
> "Guillem" == Guillem Jover writes: Guillem> At least the dpkg behavior seems entirely Guillem> correct to me and required for safe upgrades ( Can you help me understand the sentence above? Where is the case where this behavior is needed for safe upgrades? (I am asking out of cu

Bug#1058779: libk5crypto3 fails to install via apt (dpkg error) triggers ci file contains unknown directive 'set'

2024-01-01 Thread Sam Hartman
control: severity -1 normal control: tags -1 help > "Fernando" == Fernando Toledo writes: Fernando> as workaround I do apt-mark hold libk5crypto3 until Fernando> problem fixes I don't think this problem is likely to be in libkrb5crypto3. I don't have enough experience with the dpkg

Bug#1057729: pam FTCBFS: passes host flags to build compiler

2023-12-07 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> Can I leave this up to you? To verify the cross build Helmut> failure, please use amd64 or arm64 as host Helmut> architecture. These are the only ones with Helmut> architecture-specific compiler flags. Up to who? Andreas? If so, I

Bug#1032207: libpam-modules: Drop pam_userdb

2023-11-13 Thread Sam Hartman
Bastian> Your suggestion splitting out and removing after one Bastian> release would be fine for me. Helmut, I was hoping for a sanity check. Bastian wants to split out some code from pam. He wants to move pam_userdb.so into its own package to remove db5.3 from the pseudo-essential set.

Bug#1032207: libpam-modules: Drop pam_userdb

2023-11-12 Thread Sam Hartman
> "Bastian" == Bastian Germann writes: Bastian> X-Debbugs-Cc: vor...@debian.org Hi Sam and Steve, Bastian> On Wed, 1 Mar 2023 18:34:50 +0100 Bastian Germann wrote: Bastian> I would volunteer to provide a patch for this but only if Bastian> it will be considered. The patch is

Bug#915583: debian sphinx styling: second attempt

2023-11-06 Thread Sam Hartman
>>>>> "Stéphane" == Stéphane Blondon writes: Stéphane> Le ven. 3 nov. 2023 à 15:43, Sam Hartman Stéphane> a écrit : >> >>>>> "Sean" == Sean Whitton writes: >> >> I'm happy

Bug#915583: debian sphinx styling: second attempt

2023-11-03 Thread Sam Hartman
> "Sean" == Sean Whitton writes: Sean> - it would be good to do some accessibility testing of some Sean> kind, at least with screenreaders. But maybe the fact that Sean> you've based your theme on an existing, popular Sphinx theme Sean> means this is covered? I'm happy to te

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

2023-10-27 Thread Sam Hartman
>>>>> "Lucas" == Lucas Nussbaum writes: Lucas> On 26/10/23 at 07:45 -0600, Sam Hartman wrote: >> >>>>> "Lucas" == Lucas Nussbaum writes: Lucas> Hi, >> Lucas> As an additional data point, I can still re

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

2023-10-26 Thread Sam Hartman
> "Lucas" == Lucas Nussbaum writes: Lucas> Hi, Lucas> As an additional data point, I can still reproduce this Lucas> failure. So, my understanding is that so far for you it always fails, and the evidence so far suggests that it generally (or always, but I am not sure we have long

Bug#1054228: pam FTBFS: No series file found

2023-10-24 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> pam fails to build from source in unstable, because quilt no Helmut> longer recognizes the QUILT_PATCHES_DIR variable and Helmut> therefore does not find a series file. Renaming it to Helmut> QUILT_PATCHES fixes the build. I applied

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

2023-09-26 Thread Sam Hartman
> "Santiago" == Santiago Vila writes: Santiago> This could be simply a race condition. Santiago> I've seen many packages to fail their tests randomly Santiago> because of that. It could be a race, but given what I know of the tests, I doubt it is. Take a look at util/k5test.py

Bug#1052863: krb5: FTBFS: dh_auto_test: error: cd build && make -j1 check "TESTSUITEFLAGS=-j1 --verbose" VERBOSE=1 returned exit code 2

2023-09-26 Thread Sam Hartman
control: severity -1 normal > "Lucas" == Lucas Nussbaum writes: Lucas> Hi, Lucas> During a rebuild of all packages in sid, your package failed Lucas> to build on amd64. Lucas> Relevant part (hopefully): So, according to the build log, the make check failed because it coul

Bug#1052433: bookworm-pu: package pam/1.5.2-6+deb12u1

2023-09-21 Thread Sam Hartman
: #1029002 + + -- Sam Hartman Thu, 21 Sep 2023 14:55:12 -0600 + pam (1.5.2-6) unstable; urgency=medium * Update debian/copyright, Thanks Bastian Germann, Closes: #460232 diff --git a/debian/control b/debian/control index 4b685f16..9cdc3f81 100644 --- a/debian/control +++ b/debian/control @@

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

2023-09-16 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> Aside from more practical considerations, shipping /var Luca> content in packages is problematic because it's supposed to be Luca> local variable data, I agree with the above. Luca> that can be removed without breaking a Luca> syst

Bug#1051371: Post-/usr-merge paths for script interpreters

2023-09-15 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> On Wed, 13 Sept 2023 at 04:48, Russ Allbery wrote: >> >> Control: retitle -1 Post-/usr-merge paths for script interpreters >> >> Simon pointed out that this bug is not yet ready to act on, which >> was very helpful. Thank you

Bug#1039873: fixed in pam 1.5.2-7

2023-09-15 Thread Sam Hartman
> "Guido" == Guido Berhoerster writes: Guido> Are there plans to get this into stable-updates? No, not currently. But if you would agree to test in testing/unstable now, and test again once it gets into stable-proposed, I'd be happy to raise the severity to important so that it is eligib

Bug#1051371: Post-/usr-merge paths for script interpreters

2023-09-13 Thread Sam Hartman
> "Russ" == Russ Allbery writes: Russ> with a narrower issue). Several other people were, I think, Russ> arguing for (a), but I'm not sure if they would continue to do Russ> so when it's put in these terms. It's hard for me to express what I was advocating for in the terms you ha

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

2023-09-13 Thread Sam Hartman
> "Russ" == Russ Allbery writes: I don't know if this needs seconds, but I reviewed all the text and it looks good. If seconds are required, I second.

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

2023-09-11 Thread Sam Hartman
> "Bill" == Bill Allombert writes: Bill> But we do: we support debhelper 13.11.4 and debhelper 13.11.6. Bill> Even if we support a single implementation, we still need to Bill> know what is expected of it. At that level, I think the answer is roughly that if you call dh_installsys

Bug#1051523: Doxygen changes breaks krb5 documentation build

2023-09-11 Thread Sam Hartman
> "Tianyu" == Tianyu Chen writes: Tianyu> During a local rebuild of krb5, your package failed to Tianyu> build. So, I'm guessing this is related to the upgrade in Debian from doxygen 1.9.4 to 1.9.8. The krb5 build process uses doxygen to generate an xml representation of the docume

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

2023-09-11 Thread Sam Hartman
> "Santiago" == Santiago Vila writes: Santiago> El 10/9/23 a las 4:09, Russ Allbery escribió: >> I therefore would like to propose a first: I think Policy should >> simply say that any package that provides a system service should >> use debhelper and rely on dh_installsystemd

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

2023-09-10 Thread Sam Hartman
> "Russ" == Russ Allbery writes: Russ> I therefore would like to propose a first: I think Policy Russ> should simply say that any package that provides a system Russ> service should use debhelper and rely on dh_installsystemd to Russ> put the appropriate commands in its mainta

Bug#1039102: debian-policy: make systemd units mandatory for packages shipping system services

2023-09-10 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> On Sun, 10 Sept 2023 at 03:19, Russ Allbery wrote: >> >> Russ Allbery writes: >> >> > -If a service unit is not present, ``systemd`` uses dependency >> information > -contained within the init scripts and symlinks in >> `

Bug#945269: debian-policy: packages should use tmpfiles.d(5) to create directories below /var

2023-09-10 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> On Sun, 10 Sept 2023 at 11:31, Simon McVittie wrote: >> >> On Sat, 09 Sep 2023 at 19:51:50 -0700, Russ Allbery wrote: >> > Luca, am I right that service directories are specific to, >> well, services? > If so, what would you think

Bug#963524: debian-policy: Binary and Description fields not mandatory in .changes on source-only uploads

2023-09-10 Thread Sam Hartman
> "Russ" == Russ Allbery writes: Russ> Here is an updated proposed change for this bug, incorporating Russ> Guillem's suggestions. It is ready for seconds. Russ> -- Russ Allbery (r...@debian.org) Russ> I have reviewed the patch; I support the

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

2023-09-08 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> Secondly, and less importantly, while I appreciate it's not Luca> how you handle policy changes, the way the rest of the Luca> distribution works is by 'building consensus' on mailing Luca> lists. Now I don't particularly like it, but it

Bug#1041129: krb5-config install doesn't gracefully handle read-only /etc/krb5.conf file and errors out

2023-09-07 Thread Sam Hartman
> "Ben" == Ben Brenek writes: Ben> Installing Kerberos on other distributions with a similar setup Ben> does not result in this type of error. Which is why I'm opening Ben> this bug report. What forced you to install krb5-config though? Is there any hard dependency forcing this,

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

2023-09-07 Thread Sam Hartman
> "Bill" == Bill Allombert writes: Bill> I would. Having two paths for the same thing is a technical Bill> debt going forward. I think the TC has made it clear we're committed to usrmerge at this point, and I think that one of the drivers behind usrmerge is that we gain more from hav

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

2023-09-07 Thread Sam Hartman
>>>>> "Ansgar" == Ansgar writes: Ansgar> On Wed, 2023-09-06 at 16:51 -0600, Sam Hartman wrote: >> > > > > > "Luca" == Luca Boccassi writes:     >> Luca> /bin/sh is not universally compatible with non-Linux OSes.

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

2023-09-06 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> How would such a change look like? I looked at your patch. In most of the cases you are changing non-normative language. That is, parts of policy that do not create a requirement. For example: >Scripts may assume that "/bin/sh" implements the POSIX

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

2023-09-06 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> /bin/sh is not universally compatible with non-Linux OSes. I claim it is more compatible. Luca> Also I thought that policy should not be used to beat other Luca> developers (it is because of this) and it should reflect the Luca> common

Bug#1051371: debian-policy: stop referring to legacy filesystem paths for script interpreters

2023-09-06 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> Debian only supports merged-usr since Bookworm. We should Luca> update policy to reference /usr/bin/sh and similar paths to Luca> describe recommended shebangs for scripts. I do not support this change. /bin/sh should still be the recommen

Bug#1050001: Unwinding directory aliasing [and 3 more messages]

2023-08-27 Thread Sam Hartman
TL;DR: I think I understand one of Ian's points. I explain, but do not believe it is compelling as an argument to switch direction. > "Helmut" == Helmut Grohne writes: >> I think "package management" is the wrong term here. It's not >> just our tools and packages that are affected.

Bug#1050001: Unwinding directory aliasing

2023-08-24 Thread Sam Hartman
> "Ansgar" == Ansgar writes: Ansgar> And the more important question: how often do we want to Ansgar> rehash the usrmerge discussion? At some point we should Ansgar> stick with a decision and not endlessly restart discussions Ansgar> (unless something really significant chang

Bug#1043184: krb5: fails to build against glibc 2.38

2023-08-24 Thread Sam Hartman
> "Steve" == Steve Langasek writes: Steve> I've therefore prepared and uploaded the attached patch to Steve> mantic, which implements your option 1. I note you only Steve> mentioned adding Breaks: against older libk5crypto3; a scan Steve> of the binary packages showed many oth

Bug#982309: Session-Interactive-Only: no is equivalent to Session-Interactive-Only: yes

2023-08-16 Thread Sam Hartman
> "Lucas" == Lucas Nussbaum writes: Lucas> When using config snippets in /usr/share/pam-configs/, it Lucas> seems that 'Session-Interactive-Only: no' is equivalent to Lucas> 'Session-Interactive-Only: yes'. I'm not going to fix in this upload, because I don't have time to test a

Bug#1039873: pam-auth-update --disable does not work

2023-08-16 Thread Sam Hartman
> "Marc" == Marc Dequènes (duck) writes: Marc> Quack, Marc> Thanks for adding the feature in #1004000 but it unfortunately Marc> does not work. Um, yeah, :-( I finally got a chance to look into this. I think the following patch fixes my logic error. I've also added autopkgtests

Bug#1049374: bullseye-pu: package krb5/1.18.3-6+deb11u4

2023-08-14 Thread Sam Hartman
) bullseye; urgency=medium + + * Fixes CVE-2023-36054: a remote authenticated attacker can cause +kadmind to free an uninitialized pointer. Upstream believes remote +code execusion is unlikely, Closes: #1043431 + + -- Sam Hartman Mon, 14 Aug 2023 14:42:46 -0600 + krb5 (1.18.3-6+deb11u3
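
Review bot: in the added changelog entry, "execusion" in "Upstream believes remote code execusion is unlikely" should be "execution". The entry would also read better with a period rather than a comma before "Closes: #1043431".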

Bug#1049373: bookworm-pu: package krb5/1.20.1-2+deb12u1

2023-08-14 Thread Sam Hartman
attacker can cause +kadmind to free an uninitialized pointer. Upstream believes remote +code execusion is unlikely, Closes: #1043431 + + -- Sam Hartman Mon, 14 Aug 2023 14:06:53 -0600 + krb5 (1.20.1-2) unstable; urgency=medium * Tighten dependencies on libkrb5support0. This means that
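
Review bot: the added line "+code execusion is unlikely" misspells "execution"; correct it in this entry as well so the stable-update changelog text is accurate.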

Bug#1043184: krb5: fails to build against glibc 2.38

2023-08-14 Thread Sam Hartman
> "Samuel" == Samuel Thibault writes: Samuel> Why? Having spurious symbols doesn't break the build, and Samuel> these are internal symbols so that shouldn't harm Samuel> reverse-dependencies. Actually, the way I have it configured, extra symbols should break the build. I want th

Bug#1038128: libkrb5-dev: Please provide static libraries (.a)

2023-08-14 Thread Sam Hartman
> "John" == John Goerzen writes: John> I am attempting to enable curl support in dar. dar provides a John> standard binary and dar_static, which is to be used for John> emergency system rescues. John> Curl provides a static version (.a). Unfortunately, curl uses John> g

Bug#1043184: krb5: fails to build against glibc 2.38

2023-08-14 Thread Sam Hartman
> "Samuel" == Samuel Thibault writes: Samuel> strlcat and strlcpy were indeed added to glibc in version Samuel> 2.38, so it's not surprising that krb5 doesn't define its Samuel> internal versions any more, and the attached patch can Samuel> probably be applied? I guess I'd ne

Bug#1039102: debian-policy: make systemd units mandatory for packages shipping system services

2023-07-31 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: >> I consider this proposal to be premature. Policy should document Luca> current >> practice, and I do not think this proposal does that. For what it's worth, I agree with Luca that we are ready for a change to document that service units need t

Bug#1040436: pev: confusing comments in autopkgtests

2023-07-05 Thread Sam Hartman
Source: pev Version: 0.81-9 Severity: minor While reviewing pev, I noticed that some of the comments in debian/tests/test-runs are inaccurate. I think the following patch is sufficient: diff --git a/debian/tests/test-runs b/debian/tests/test-runs index 675d4ec..9fe48fd 100755 --- a/debian/tests/

Bug#1039873: pam-auth-update --disable does not work

2023-06-29 Thread Sam Hartman
> "Marc" == Marc Dequènes (duck) writes: Marc> I don't recall if I tested the feature extensively but I Marc> updated my Ansible rules and it is ineffective. After Marc> switching a machine to bookworm I still get the module I want Marc> disabled around (it is reenabled during

Bug#1036234: unblock: krb5/1.20.1-2

2023-05-17 Thread Sam Hartman
equired, Closes: #1036055 + + + -- Sam Hartman Mon, 15 May 2023 17:44:41 -0600 + krb5 (1.20.1-1) unstable; urgency=high [ Bastian Germann ] diff --git a/debian/libkrb5support0.symbols b/debian/libkrb5support0.symbols index 827d80898a..5c3de884f5 100644 --- a/debian/libkrb5support0.symbo

Bug#1035904: What does merged /usr bring us

2023-05-15 Thread Sam Hartman
>>>>> "Sam" == Sam Hartman writes: Sam> Hi. Off list, I wanted to try to explain what I think merged My apology for sending a mail intended to be private to the bug. It was not my intent to clutter an already cluttered discussion. I was really just
