[arch-general] pambase - creating needed files for apps with normal user auth - pam_unix.so?
David C. Rankin
drankinatty at suddenlinkmail.com
Sat Feb 23 04:49:43 UTC 2019
On 02/20/2019 11:10 AM, Eli Schwartz via arch-general wrote:
> From a QA point of view, if no one found the packages which lack a
> policy in the several years the pambase ticket was open for, then
> putting a permissive policy back in place means we will, once again,
> never find these packages.
Well, that is somewhat a "straw-man" argument. I is rather difficult to find
packages which lack a policy when (1) you don't know there is a pambase bug
open or (2) that a default change to pambase is coming until things start
breaking. The last note on the homepage is for "ibutf8proc>=2.1.1-3 update
requires manual intervention" from July 2018.
I don't mind learning PAM, but it is horribly inconvenient when you have
time-critical documents to scan for the Court that suddenly won't make it from
the copier to the server any more.
Somewhere there is a fine line between what a normally adept user should be
expected to know and topics that developers are working with. That was made
clear when public posts to the arch-dev list were suspended.
Knowing that there are likely a number of packages that still need a policy,
like vsftpd, is there somewhere we should keep a list so that packages can
include the policy and an install script? Or should we just mail the
maintainer directly? Doesn't seem like a bug is warranted, but I'll defer to
whatever the consensus is.
--
David C. Rankin, J.D.,P.E.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20190222/192c3117/attachment.sig>
More information about the arch-general
mailing list