[arch-dev-public] Moving heimdal to core
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug: http://bugs.archlinux.org/task/8373 Any problems with this?
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
http://bugs.archlinux.org/task/8373
Any problems with this?
One last poke here - I'm going to do this in a few hours if no one has an issue.
On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
http://bugs.archlinux.org/task/8373
Any problems with this?
One last poke here - I'm going to do this in a few hours if no one has an issue.
I am actually against it, based on the dialog in the bug ticket.. Is this patch not included upstream, as the ticket mentioned? If that is the case, and considering the extreme sensitivity of ssh in general, I think we should as close to upstream as possible. I venture a bet that not many people use kerberos'd ssh too. I guess I don't see why somebody couldn't build their own ssh package with the kerberos patches.
On Nov 27, 2007 11:16 AM, eliott <eliott@cactuswax.net> wrote:
I am actually against it, based on the dialog in the bug ticket.. Is this patch not included upstream, as the ticket mentioned? If that is the case, and considering the extreme sensitivity of ssh in general, I think we should as close to upstream as possible.
The patch is secondary. openssh supports kerberos and thus heimdal without any patches.
I venture a bet that not many people use kerberos'd ssh too. I guess I don't see why somebody couldn't build their own ssh package with the kerberos patches.
True, but it's really just a configure flag, and Jan uses it, which weighs a lot. Either way, I didnt really want to question that specific bug there, but wanted to question moving heimdal to core - kerberos support libs in our core repository sounds reasonable to me
Either way, I didnt really want to question that specific bug there, but wanted to question moving heimdal to core - kerberos support libs in our core repository sounds reasonable to me
Yeah. I guess I don't see a problem with it (the heimdal package) being in core.
eliott wrote:
On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
http://bugs.archlinux.org/task/8373
Any problems with this? One last poke here - I'm going to do this in a few hours if no one has an issue.
I am actually against it, based on the dialog in the bug ticket.. Is this patch not included upstream, as the ticket mentioned? If that is the case, and considering the extreme sensitivity of ssh in general, I think we should as close to upstream as possible.
I venture a bet that not many people use kerberos'd ssh too. I guess I don't see why somebody couldn't build their own ssh package with the kerberos patches.
I agree that the security of ssh is of paramount importance, but also recognize that the kerberos patches might be necessary for some. Has anyone looked critically at the patches and have anything at all to say about what security risks they may present? If not, I think I agree with elliott, we should not include them. - P
On Nov 27, 2007 2:35 PM, Paul Mattal <paul@mattal.com> wrote:
Has anyone looked critically at the patches and have anything at all to say about what security risks they may present? If not, I think I agree with elliott, we should not include them.
They are included in debian, ubuntu, and solaris all use this patch on their default, stable, openssh package. That's enough critical review for me.
Paul Mattal wrote:
eliott wrote:
On 11/27/07, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
http://bugs.archlinux.org/task/8373
Any problems with this? One last poke here - I'm going to do this in a few hours if no one has an issue. I am actually against it, based on the dialog in the bug ticket.. Is this patch not included upstream, as the ticket mentioned? If that is the case, and considering the extreme sensitivity of ssh in general, I think we should as close to upstream as possible.
I venture a bet that not many people use kerberos'd ssh too. I guess I don't see why somebody couldn't build their own ssh package with the kerberos patches.
I agree that the security of ssh is of paramount importance, but also recognize that the kerberos patches might be necessary for some.
Has anyone looked critically at the patches and have anything at all to say about what security risks they may present? If not, I think I agree with elliott, we should not include them.
Sorry, I think I crossed with another message on this topic which I should have read first. If this is just a compile-time flag already fully supported by openssh upstream, I'm for it. - P
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
Ok, I moved it in CVS, so it's there. I'm just going to move the existing package without a verbump, from extra to core, as that shouldn't cause any issues. Still, I took a look at the heimdal PKGBUILD for the very first time - yeesh, is all that still needed? Do we really need to uninstall heimdal and build twice? Can someone take a crack at possibly simplifying that one?
Am Mittwoch, 28. November 2007 schrieb Aaron Griffin:
On Nov 26, 2007 2:04 PM, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
I'd like to move heimdal to core/lib. This gives us kerberos libs in core, and will close out this bug:
Ok, I moved it in CVS, so it's there.
I'm just going to move the existing package without a verbump, from extra to core, as that shouldn't cause any issues.
Still, I took a look at the heimdal PKGBUILD for the very first time - yeesh, is all that still needed? Do we really need to uninstall heimdal and build twice? Can someone take a crack at possibly simplifying that one?
_______________________________________________ arch-dev-public mailing list arch-dev-public@archlinux.org http://archlinux.org/mailman/listinfo/arch-dev-public
well i ran into this on linuxtag 2007 and it causes weird recompile issues if you don't do so. greetings tpowa -- Tobias Powalowski Archlinux Developer & Package Maintainer (tpowa) http://www.archlinux.org tpowa@archlinux.org
On Nov 28, 2007 1:36 AM, Tobias Powalowski <t.powa@gmx.de> wrote:
well i ran into this on linuxtag 2007 and it causes weird recompile issues if you don't do so.
I don't see anything similar in build scripts for other distros, but maybe I'm not looking hard enough. Our current PKGBUILD is more complex than the gentoo ebuild, which is a big problem
Am Mittwoch, 28. November 2007 schrieb Aaron Griffin:
On Nov 28, 2007 1:36 AM, Tobias Powalowski <t.powa@gmx.de> wrote:
well i ran into this on linuxtag 2007 and it causes weird recompile issues if you don't do so.
I don't see anything similar in build scripts for other distros, but maybe I'm not looking hard enough. Our current PKGBUILD is more complex than the gentoo ebuild, which is a big problem
_______________________________________________ arch-dev-public mailing list arch-dev-public@archlinux.org http://archlinux.org/mailman/listinfo/arch-dev-public
the problem was if heimdal was already installed it linked against itself, i remeber this from xine. im not that heimdal expert it was just my observation while doing the heimdal bump on linuxtag. greetings tpowa -- Tobias Powalowski Archlinux Developer & Package Maintainer (tpowa) http://www.archlinux.org tpowa@archlinux.org
participants (4)
-
Aaron Griffin
-
eliott
-
Paul Mattal
-
Tobias Powalowski