[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
There has been not further update for too long, for now we consider it invalid. Feel free to re-open if there is effort backing it up and motivation to bring it to main. ** Changed in: opensc (Ubuntu) Status: Incomplete => Invalid ** Changed in: pcsc-lite (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Invalid Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: Invalid Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satis
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Foundations doesn't have any aspirations of driving this forward currently. So we'll let it sit here for now. ** Tags added: fr-2980 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: Incomplete Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant que
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
** Changed in: pcsc-lite (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: Incomplete Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] Dependency of pcsc-tools; thi
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Desktop no longer has engineering goals to support smart cards. Foundations team might. Security Team is blocked until there is a mandate, an owning team, hardware funding, and possibly engineering support to resolve https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530 Unassigning Security Team. ** Changed in: ccid (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) ** Changed in: opensc (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) ** Changed in: pcsc-lite (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perla
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
** Changed in: ccid (Ubuntu) Assignee: Ray Veldkamp (rayveldkamp) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background info
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
** Tags added: sec-407 ** Tags added: sec-408 sec-409 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] Dependency of pcsc-tools; this library provides
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Triaging to Medium, we would still like to see that stack installed by default but it's not going to be for the coming LTS at this point. ** Changed in: pcsc-lite (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, however it is expec
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
** Changed in: ccid (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Ray Veldkamp (rayveldkamp) ** Changed in: ccid (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: In Progress Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team w
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
I've reported the lack of symbols to Debian on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997932 with a patch now ** Bug watch added: Debian Bug tracker #997932 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997932 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, howeve
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
The plan seems quite solid, and I do agree that having some more testing would be nice (also using libsofthsm2 can help here I think). I'm not sure if all this can be achieved by the next LTS though, which I think we're targetting. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it seems funny all the same. Otherwise appears to satisfy FHS and Debian policy. [Maintenance] The desktop team will subscribe to bugs, ho
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Now that the security team has some new hires, we're looking at reviving this series of tasks. Looking through the bug I have come up with the following outstanding items: - Add a .symbols file to opensc - try to add vsmartcard-vpicc + vsmartcard-vpcd autopkgtests - a formal list of 'supported cards' that we will test with and expect to work - try to address the awkward path of libraries, /lib/pam_pkcs11/ - make pcscd not run as root https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530 Did I overlook anything? Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is store
Re: [Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
On Mon, May 3, 2021 at 10:20 AM Ludovic Rousseau <1892...@bugs.launchpad.net> wrote: > > opensc-pkcs11.so is a PKCS#11 lib so the its API conforms to the > standard defined in https://docs.oasis- > open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html Thanks Ludovic for adding the expert details! And that makes me re-consider this to "yes we should add .symbols". > If you really need to move opensc-pkcs11.so & pkcs11-spy.so in a subdir > I would recommand to use /usr/lib/*/pkcs11/ as it is already the case. Well, since there are external users it will be much harder to move things. As they all need to be compatible (or adapted) to the new place. Still worth having a look to move them, but more complex and more potential impact than what I expected before your explanation. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't ru
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
opensc-pkcs11.so is a PKCS#11 lib so the its API conforms to the standard defined in https://docs.oasis- open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html If you are looking for .h header files you can use: https://www.oasis-open.org/committees/document.php?document_id=55655&wg_abbrev=pkcs11 https://www.oasis-open.org/committees/document.php?document_id=55656&wg_abbrev=pkcs11 https://www.oasis-open.org/committees/document.php?document_id=55657&wg_abbrev=pkcs11 pkcs11-spy.so is a spy/debug library. It uses the same API. A PKCS#11 library is, in general, dynamically loaded using dlopen(3). So the dependency is not visible from an application using the library (for example Firefox). If you really need to move opensc-pkcs11.so & pkcs11-spy.so in a subdir I would recommand to use /usr/lib/*/pkcs11/ as it is already the case. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Te
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Thank you Marco and Sebastien, > * the launchpad buglist has been triaged a bit and fixed issues closed Thanks! >From your bug cleanup did you spot any kind of setup/HW that you want to >restrict/exclude? Was there any common pattern that makes up most of the formerly seen bad reports? > * the dh_missing has been reported to Debian now, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987817 Yeah, I think that is enough for now. > the libraries are private (no .so provided, other softwares can't really build with it), ideally they would move it to a subdir but do we really need .symbols added in such cases? I agree this is a case where it is a tough decision if it is strictly required due to them being "meant" private. But I'd not agree that there are no .so files provided. root@h:~# dpkg -L opensc opensc-pkcs11 | grep '\.so' /usr/lib/x86_64-linux-gnu/libopensc.so.7.0.0 /usr/lib/x86_64-linux-gnu/libsmm-local.so.7.0.0 /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11-spy.so /usr/lib/x86_64-linux-gnu/libopensc.so.7 /usr/lib/x86_64-linux-gnu/libsmm-local.so.7 /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/pkcs11-spy.so $ nm --dynamic $(dpkg -L opensc-pkcs11 | grep '\.so' | xargs) | pastebinit https://paste.ubuntu.com/p/7SpfQ5gW26/ So there are in theory symbols, but I agree it still is not really usable (or meant to be used). As there are for example no headers for it :-) And OTOH adding symbols files is a rather trivial task that protects against some bad breakage. So is it strictly mandatory: hmm, debatable ... I guess no. I'd say as prereq add symbols OR move to subdir - of which the latter is the much more useful and correct thing to do. And as there are no other users you won't have to touch any other package for that change. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standar
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
@opensc * the dh_missing has been reported to Debian now, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987817 * the launchpad buglist has been triaged a bit and fixed issues closed * the libraries are private (no .so provided, other softwares can't really build with it), ideally they would move it to a subdir but do we really need .symbols added in such cases? ** Bug watch added: Debian Bug tracker #987817 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987817 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/
[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Updating the title, hopefully it reflects correctly what needs to be promoted. @Marco, the binaries we want installed are those 'libpam-sss opensc- pkcs11 pcscd' right? libpam-sss is already in main and pcscd depends on libccid which also needs promotion as a result ** Summary changed: - [MIR] ccid libpcsc-perl opensc pcsc-tools pcsc-lite + [MIR] ccid opensc pcsc-lite -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite Status in ccid package in Ubuntu: New Status in opensc package in Ubuntu: Incomplete Status in pam-pkcs11 package in Ubuntu: Invalid Status in pcsc-lite package in Ubuntu: New Status in pcsc-perl package in Ubuntu: Invalid Status in pcsc-tools package in Ubuntu: Invalid Bug description: ==> ccid <== [Availability] ccid is in universe, and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs for ccid are listed in our database. Doesn't appear to bind to a socket. No privileged executables, but does have udev rules. Probably needs a security review. [Quality assurance] No test suite. Does require odd hardware that we'll probably need to buy. I don't see debconf questions. ccid is well maintained in Debian by upstream author. One open wishlist bug in BTS, harmless. One open bug in launchpad, not security, but looks very frustrating for the users. The upstream author was engaged but it never reached resolution. https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465 Has a debian/watch file. Quilt packaging. P: ccid source: no-dep5-copyright P: ccid source: package-uses-experimental-debhelper-compat-version 13 [Dependencies] Minimal dependencies, in main [Standards compliance] Appears to satisfy FHS and Debian policy [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] ccid provides drivers to interact with usb-connected smart card readers. ==> libpam-pkcs11 <== [Availability] Source package pam-pkcs11 is in universe and builds on all architectures. [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] No CVEs in our database. Doesn't appear to bind to sockets. No privileged executables (but is a PAM module). As a PAM module this will require a security review. [Quality assurance] The package does not call pam-auth-update in its postinst #1650366 Does not ask questions during install. One Ubuntu bug claims very poor behaviour if a card isn't plugged in. No Debian bugs. Occasional updates in Debian by long-term maintainer. Does require odd hardware that we'll probably need to buy. Does not appear to run tests during build. Has scary warnings in the build logs. Has a debian/watch file. Ancient standards version; other smaller lintian messages, mostly documentation problems. Quilt packaging. [Dependencies] Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1 All are in main. [Standards compliance] The package does not call pam-auth-update in its postinst #1650366 Otherwise looks to conform to FHS and Debian policies [Maintenance] The desktop team will subscribe to bugs, however it is expected that the security team will assist with security-relevant questions. [Background information] This PAM module can use CRLs and full-chain verification of certificates. It can also do LDAP, AD, and Kerberos username mapping. ==> libpcsc-perl <== [Availability] Source package pcsc-perl is in universe, builds for all architectures, plus i386 [Rationale] The desktop team and security team are interested in bringing smartcard authentication to enterprise desktop environments. [Security] There are no cves for pcsc-perl in our database. No privileged executables. Doesn't appear to bind to sockets. Probably needs a security review. [Quality assurance] Library package not intended to be used directly. No debconf questions. No bugs in Debian. No bugs in Ubuntu. Does require odd hardware that we'll probably need to buy. Tests exist, not run during the build; probably can't run during the build. Includes debian/watch file. A handful of lintian issues Quilt packaging. [Dependencies] libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0. All are in main. [Standards compliance] One oddity, Card.pod is stored in /usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/ Many other perl packages have .pod files in these directory trees so maybe it's fine, but it s