[Pkg-auth-maintainers] Bug#888892: No permission on U2F security key
Michael Biebl
biebl at debian.org
Wed Jan 31 10:35:18 UTC 2018
Am 31.01.2018 um 02:08 schrieb Michael Biebl:
> Control: reassign -1 libu2f-udev
>
> Am 31.01.2018 um 00:38 schrieb Kurt Roeckx:
>> That seems as good as the same as
>> /lib/udev/rules.d/70-debian-uaccess.rules, which actually seems to
>> cover more devices. So it was not installed, installing it didn't
>> have any effect.
>
> You should report your device to libu2f-udev then. Reassigning accordingly.
>
> As announced, /lib/udev/rules.d/70-debian-uaccess.rules will go away.
Let me add, what my reasons for dropping
/lib/udev/rules.d/70-debian-uaccess.rules are
a/ I don't think it makes sense to maintain this whitelist twice (in
libu2f and in udev as a downstream specific patch)
b/ If such a list has to maintained, it should preferably be done by
maintainers who own such hardware and are knowledgeable in that area.
c/ I don't want to maintain this list as a downstream patch to udev.
Adding this to udev upstream was rejected:
https://github.com/systemd/systemd/issues/102
d/ The reasons why 70-debian-uaccess.rules was added in the first place,
was a quick-fix to unbreak stretch, I don't plan to maintain that file
in the future.
e/ I'm not aware about the state of the proper U2F driver that is
mentioned in
https://github.com/systemd/systemd/issues/102#issuecomment-110105805 but
maybe a udev helper like fedora ships it
https://admin.fedoraproject.org/pkgdb/package/rpms/u2f-hidraw-policy/
which detects u2f devices automatically and so doesn't require a
hardware list to be continuously updated is a better approach. I'll
leave that up to the maintainer of libu2f to evaluate.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-auth-maintainers/attachments/20180131/1d15a5f4/attachment.sig>
More information about the Pkg-auth-maintainers
mailing list