[Pkg-openldap-devel] RE: LDAP/BDB log purging (fwd)
Quanah Gibson-Mount
quanah at stanford.edu
Wed Mar 7 00:13:27 UTC 2007
--On Tuesday, March 06, 2007 3:01 PM -0800 Russ Allbery <rra at debian.org>
wrote:
> Quanah Gibson-Mount <quanah at stanford.edu> writes:
>
>> Just to follow up on this point -- I understand the desire to move away
>> from BDB 4.2. However, I feel that as long as it is being offered, I
>> would expect it to be maintained well at least as far as using what the
>> upstream provider says is necessary. The patch in question has been out
>> for nearly 2 years (March 22, 2005), and was noted as a requirement for
>> use with OpenLDAP 2.3. If there was a major security vulnerability
>> announced in the OpenLDAP 2.1 libraries, and a patch was provided by
>> upstream to handle it, I'd expect that would end up in Debian as long as
>> the 2.1 libraries are offered. With a database, I'd expect fixes that
>> cause data corruption to be added to the package as long as it is made
>> available. It may not be a security vulnerability, but it is a severe
>> problem that affects the users of the software, and I know they have
>> expectations as to how they believe the product is packaged and its
>> reliability.
>
> Yeah, well, I don't disagree with you, but I also don't have a stick to
> hit people with until they do my will. :) It's a volunteer project, and
> there's more work and more packages in Debian than there are maintainers
> with time to stay very closely involved with upstream. I know it's
> frustrating. It's just a constraint that we have to work with. It's not
> malice, just being way too busy. Y'know, the same reasons why lsdb is
> still running on Solaris and Oracle and using an ancient
> Stanford::Directory. :)
I certainly understand. I'm having a hard enough time right now getting
the work done I'm paid to do. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
More information about the Pkg-openldap-devel
mailing list