About repackaging:
Since this is a bug against the fileserver, I would say that our primary focus 
should be on getting a fix for dapper. Also Gutsy is of some importance since i 
do belevie that there is some people out there running gutsy servers.
Considering that i have never done any .deb packaging, it would take me a long 
time to find the relevant security patch from 1.4.5 to 1.4.6, apply it to 
1.4.1-2 (dapper) and repackage. Perhaps with some help from Russ to find the 
actual patch i will give it a go.

Another option:
What about debian stable? Is 1.4.2-6 (etch) going to be patched, if so, can we 
draw from the effort there?

Perhaps not relevant:
The kernel modules for edgy is broken. This is an old bug which has been closed 
with a backport release, which essentially does not solve the problem for 
non-backport users and fresh installs. I'm not sure how many edgy clients are 
still out here, so perhaps it's not worth the effort. But it should receive 
both a security patch for the fileserver, and version upgrade to 1.4.4 at least 
in order to make the kernel modules compile.

Also:
Don't forget the security issue 2007-001 (#94787) with all versions < 1.4.4, so 
in fact we should create two patches for dapper. Either that, or we figure out 
a way to get 1.4.6 to work on dapper, what do you guys say?

-- 
SA 2007-003: Denial of service in OpenAFS fileserver
https://bugs.launchpad.net/bugs/180792
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to