[Pkg-samba-maint] Bug#903971: closed by Mathieu Parent <math.parent at gmail.com> (Re: Bug#903971: ntdb: DoS issues upon offline data corruption, unmaintained upstream)

Lionel Debroux lionel_debroux at yahoo.fr
Tue Dec 11 07:22:21 GMT 2018


Hi,

Four days after this bug report was closed, on
https://tracker.debian.org/pkg/ntdb , I see no indication that the NTDB
packages were removed from unstable.
This was the main point of this bug report: evicting an unmaintained
code base with known (if CVE-less, AFAIK) security issues from the
Debian archive, in time for Buster, as hinted by upstream :)

That won't automatically remove the NTDB packages from the computers
which already have them installed (nearly one in six computers which
report to popcon lists libntdb1, for what popcon is worth), but at
least, removing the NTDB packages from Buster onwards will help prevent
programmers from using them, unknowing that they shouldn't do it.
In the longer term, even TDB will disappear, as Samba is switching away
from TDB to LMDB for performance reasons, though it was a clear security
regression last time I looked. The few other projects which use TDB will
eventually follow suit, or be replaced (e.g. pulseaudio, I'm told).


Best regards,
Lionel Debroux.



More information about the Pkg-samba-maint mailing list