[Pkg-openldap-devel] Bug#589915, bug#598361

Quanah Gibson-Mount quanah at zimbra.com
Mon Feb 28 22:37:16 UTC 2011

In response to bug#589915, a patch was made against OpenLDAP that was ill 
advised.  Results and potential consequences are noted in bug#598361.  In 
the original bug report for bug#589915, it sounded like the author was 
going to fix other packages to take care of the issue, rather than hacking 
on OpenLDAP.  Unfortunately, that is not what was done.  I'm rather 
surprised by two things

a) That this patch was ever allowed in
b) That it has been allowed to remain in even after it was found to raise 
serious issues with Debian's openldap build.

I've filed <http://www.openldap.org/its/index.cgi/?findid=6848> so that the 
OpenLDAP foundation can create a correct solution to the issue.  In the 
meantime, I highly advise that the existing patch be removed, and new 
packages built and pushed to end users before people start encountering 
severe problems because of this patch.  I confirmed with the OpenLDAP 
developers that there is a serious risk of database corruptions while this 
patch remains in place.  There also may be TLS/SSL issues related to the 
use of GnuTLS and pre-fork bugs it has being triggered by this patch as 

I understand that the Debian project has numerous highly skilled and 
intelligent programmers involved with it.  I understand applying Debian 
specific patches to documentation and minor code tweaks to adjust for the 
path layouts Debian requires.  What I don't understand is why the Debian 
project lacks a policy requiring patches that make significant behavior 
changes to upstream projects be vetted by the upstream maintainers (when 
possible, as I understand some projects go dead).  I would have thought 
Debian would have learned its lesson after the whole OpenSSL fiasco a few 
years ago.  It is disappointing to see that instead Debian continues to go 
on making changes to software where it has absolutely no clue what the 
impacts will be or an understanding of why basic design decisions were made 
by the upstream developers, and that it is willing to do so even when a 
perfectly vibrant upstream community exists that can be contacted to ensure 
these types of situations are avoided in the first place.



Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra ::  the leader in open source messaging and collaboration

More information about the Pkg-openldap-devel mailing list