[Pkg-samba-maint] Samba and badlock in Debian
Alain Deléglise
alain.deleglise at alterway.fr
Mon Apr 4 09:46:56 UTC 2016
On Mon, 2016-04-04 at 10:37 +0200, Alain Deléglise wrote:
>> Hi list,
>>
>> we're really concerned about the badlock bug. As mentionned in the
>> Samba
>> release planing, the 4.1 versions will not be covered by the security
>> patches. Unfortunately we're using the 4.1 version, as we use Debian
>> wheezy and jessie on production servers.
>>
>> I've read, in a recent message
>> http://lists.alioth.debian.org/pipermail/pkg-samba-maint/2016-March/0
>> 18057.html,
>> that we're not the only one to be concerned :)
>>
>> How will you manage this problem ? How can one get a maintened
>> package
>> for debian versions, other than unstable ?
> One option is to backport Samba 4.3 or 4.4 (which I hope to upload to
> experimental shortly). Providing and maintaining a backport of Samba
> and the relevant libraries would be most helpful for many of our users.
>
>> I see that the 4.3.6 is in testing state, but the tracker contains no
>> information about badlock. Am I missing something ?
> This issue is not yet public, so no patches are publicly available to
> address them, so you won't see anything until the 12th.
>
>> As Sernet provides pre-compiled, pre-packaged paid packages of Samba,
>> how the community will achieve security standards on entreprise class
>> open-source softwares, such as Samba ?
> I'm not sure what you are asking about here.
>
>> Finally, how can I/we help you guys on maintaing Samba in Debian ?
> As you can see here, we do need help:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814382
>
> Tasks include bug triage, (mostly telling folks to report issues
> upstream), packaging new versions as they come out, etc.
>
> In the short term the best thing that would help is testing the
> unstable and soon to be uploaded experimental packages.
>
> Finally, do trust that we take the maintenance of Samba in Debian
> seriously. We are very short-staffed, and in the long run new
> packagers would make a massive difference.
>
> We will get 'badlock' dealt with one way or the other, but we can't
> really talk about it more than that in public right now.
>
> Andrew Bartlett
>
Hi Andrew,
thanks for this quick answer.
I will respond on the
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814382 asking what can
I do.
I'm sure that you guys are serious about maintaing Samba for Debian, and
please be sure that me
and my fellow colleagues would pay you a beer if you somehow manage to
come in France ;)
However, do you have resources (tutorial, documentation) on how to
"properly" backport Samba 4.3 or 4.4 ?
Do you have work to do for me right now, I'm a sysadmin and dont know
how to C :p
Finally, I'm talking about Sernet because of their decision to make
their packages for a fee.
I do respect their decision, but IMO it complexify the process of
maintaing "enterprise class OSS",
by making volunteers think that their work is not recognized ...
Thanks again,
Alain Deléglise
More information about the Pkg-samba-maint
mailing list