[Pkg-samba-maint] Samba and badlock in Debian

Andrew Bartlett abartlet at samba.org
Mon Apr 4 09:16:18 UTC 2016 

On Mon, 2016-04-04 at 10:37 +0200, Alain Deléglise wrote:
> Hi list,
> 
> we're really concerned about the badlock bug. As mentionned in the
> Samba
> release planing, the 4.1 versions will not be covered by the security
> patches. Unfortunately we're using the 4.1 version, as we use Debian
> wheezy and jessie on production servers.
> 
> I've read, in a recent message
> http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2016-March/0
> 18057.html,
> that we're not the only one to be concerned :)
> 
> How will you manage this problem ? How can one get a maintened
> package
> for debian versions, other than unstable ?

One option is to backport Samba 4.3 or 4.4 (which I hope to upload to
experimental shortly).  Providing and maintaining a backport of Samba
and the relevant libraries would be most helpful for many of our users.

> I see that the 4.3.6 is in testing state, but the tracker contains no
> information about badlock. Am I missing something ?

This issue is not yet public, so no patches are publicly available to
address them, so you won't see anything until the 12th.

> As Sernet provides pre-compiled, pre-packaged paid packages of Samba,
> how the community will achieve security standards on entreprise class
> open-source softwares, such as Samba ?

I'm not sure what you are asking about here.

> Finally, how can I/we help you guys on maintaing Samba in Debian ?

As you can see here, we do need help:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814382

Tasks include bug triage, (mostly telling folks to report issues
upstream), packaging new versions as they come out, etc.

In the short term the best thing that would help is testing the
unstable and soon to be uploaded experimental packages.

Finally, do trust that we take the maintenance of Samba in Debian
seriously.  We are very short-staffed, and in the long run new
packagers would make a massive difference. 

We will get 'badlock' dealt with one way or the other, but we can't
really talk about it more than that in public right now.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the Pkg-samba-maint mailing list