[Pkg-samba-maint] Bug#903971: Bug#903971: closed by Mathieu Parent <math.parent at gmail.com> (Re: Bug#903971: ntdb: DoS issues upon offline data corruption, unmaintained upstream)
Andrew Bartlett
abartlet at samba.org
Tue Dec 11 07:51:48 GMT 2018
On Tue, 2018-12-11 at 08:22 +0100, Lionel Debroux wrote:
> Hi,
>
> Four days after this bug report was closed, on
> https://tracker.debian.org/pkg/ntdb , I see no indication that the NTDB
> packages were removed from unstable.
> This was the main point of this bug report: evicting an unmaintained
> code base with known (if CVE-less, AFAIK) security issues from the
> Debian archive, in time for Buster, as hinted by upstream :)
>
> That won't automatically remove the NTDB packages from the computers
> which already have them installed (nearly one in six computers which
> report to popcon lists libntdb1, for what popcon is worth), but at
> least, removing the NTDB packages from Buster onwards will help prevent
> programmers from using them, unknowing that they shouldn't do it.
> In the longer term, even TDB will disappear, as Samba is switching away
> from TDB to LMDB for performance reasons, though it was a clear security
> regression last time I looked. The few other projects which use TDB will
> eventually follow suit, or be replaced (e.g. pulseaudio, I'm told).
To be clear:
Samba isn't moving from TDB any time soon, it is a well understood,
trusted and reliable component. We are using LMDB in one component
(LDB) only for now, and only because of the 4GB limit of TDB.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the Pkg-samba-maint
mailing list