On Tue, 12 Feb 2019, at 12:02, Leonid Isaev via arch-general wrote:
I am sorry to ask this so late in the discussion, but why Arch default of the "other" module was insecure (and hence why the change)? Is there something wrong with pam_unix?
Not inherently. They implemented a suggestion from the upstream product manual and decided that it was OK to break random [authentication related] packages instead of fixing the reverse deps from official repos first and then changing pambase.
Either package maintenance responsibilities are really as fragmented as not to care at all or they just ignored it. Given that falconindy is the maintainer of pambase, I'll go with the latter interpretation (no judgement implied).