[Pkg-samba-maint] Updating the Samba package in Debian
Andrew Bartlett
abartlet at samba.org
Mon Jan 24 22:44:10 GMT 2022
On Mon, 2022-01-17 at 15:14 +0100, Mathieu Parent (Debian) wrote:
> Le lun. 17 janv. 2022 à 14:57, Andreas Hasenack
> <andreas at canonical.com> a écrit :
>
> > Usually we go in the other direction: move sources *out* of a
> > package.
> > The security team doesn't like embedded sources whenever possible.
> > Do
> > you think upstream is also moving in that direction, of stopping
> > independent development of ldb, or even recommending distributions
> > to
> > not ship it?
>
> As you probably already found, the ldb developement is happening in
> the samba's
> git repository. This is also the case for talloc, tdb and tevent, but
> those have
> very rare security fixes, and the dependency is not tightly coupled
> as ldb
> (samba-dsdb-modules depends on a very specific libldb2 (>> 2:2.2.3~)
> ,
> libldb2 (<< 2:2.2.4~)).
>
> Ref: https://packages.debian.org/bullseye/samba-dsdb-modules
Thanks for raising this. I have a number of times tried to move Samba
away from publishing independent ldb tarballs, as it is
counterproductive. ldb has always been developed by and for Samba as
an AD DC, it has no other independent life, but may be useful to others
(sssd).
Debian moving to ignore the ldb tar.gz releases and to instead use the
same sources from within the main samba tar.gz will assist in making
the argument that Samba should do likewise, as we find the extra work
problematic also.
So I very much encourage this.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
More information about the Pkg-samba-maint
mailing list