Bug#300720: Bug#300725: Bug#300720: [Pkg-shadow-devel] Bug#300720: Login: Configuration does not load limits.so while others do

Christian Perrier bubulle@debian.org
Mon, 9 May 2005 18:18:36 +0200


Quoting Martin Quinson (martin.quinson@loria.fr):

> > Advice requested to security and release teams.....
> 
> My advice is to prepare an upload to sarge containing this, the login
> setuid stuff, the open missing argument and any other comparable issues:
> small security improvement, nothing else.

The login setuid stuff has already been agreed by all parties,
including the security team, being NOT suitable for sarge. It has no
known security implications, so arguing to have it included in sarge
would be quit eimpossible.

So, at this moment, I only see this limits.so problem (#300720) as
possibly OK to fix in sarge, not more.

> 
> Then, if a new d-i gets builded for more important reasons, this will be
> right on the boat. If not, too bad. Those issues are not critical enough to
> delay the release by a d-i building cycle.

Shadow has nothing to do with d-i builds. So a new version of shadow
does not have any impact on D-I release cycles...

> 
> > If only all those people nitpicking shadow could have made some work
> > on it during the last year...:-(
> 
> I don't feel they're nitpicking. Security is important, and any bit securing
> the place is worthing it. 


Nitpicking is good. Doing it now only is less good..:-). All these
bugs exist in shadow for ages. Too bad they haven't been pushed while
it was still time to make them disappear....