On Tue, 2020-07-07 at 22:04 +0200, Chris Hofstaedtler wrote:
> Do any of you think the situation has changed since 2013?
>
> Personally I would not want to have once popular NSS and PAM
> libraries in the next stable release, if upstream has vanished a long
> time ago.

Looking at the popcon stats (which may not be very representative because large workstation networks are unlikely to participate):

https://qa.debian.org/popcon-graph.php?packages=libnss-ldap%20libpam-ldap%20libnss-ldapd%20libpam-ldapd%20libnss-sss%20libpam-sss&show_installed=on&want_legend=on&want_ticks=on&date_fmt=%25Y-%25m&beenhere=1

It seems that all three alternatives are currently about equally popular. It does seem that the old implementation popularity is steadily declining and sssd is gaining popularity.

There are still a few use cases for at least libpam-ldap that are not covered by libpam-ldapd (e.g. #845681) (I don't know if sssd covers those).

While upstream is inactive for both libnss-ldap and libpam-ldap for a few years now, there do not appear to be any RC bugs in them. Given the kind of code it is also unlikely that any new vulnerabilities will be found in them which haven't been found in the last 15 years or so.

If they become a burden or risk I would be more eager to say remove them, but the current costs of keeping them around are so low that the benefits for their users probably outweigh them.

Then again, I don't have a very strong opinion on it so if someone has a good reason to remove them I won't object. At least I'm not going to step up to become maintainer of those packages ;).

Kind regards,

--
-- arthur - adej...@debian.org - https://people.debian.org/~adejong --