I apologize; on further, more careful checking, it is as you say.  The
security update to stable happened close in time to the regular unstable
update, and I conflated the two in my confusion about the bug.

I will say that the bug in unstable is at the very least a serious UI
bug.  If the problem is that afs keys are using over-weak encryption,
the error message the user sees when they type "aklog" could surely be
better than saying "unknown error" with a big negative number, and the
kdc log saying that the principal simply doesn't exist.

Thomas


On Fri, 2010-01-15 at 11:11 -0500, Sam Hartman wrote:
> >>>>> "Thomas" == Thomas Bushnell BSG <t...@becket.net> writes:
> 
>     Thomas> This bug was propagated to the *stable* release because of
>     Thomas> the recent (minor) security issue.
> 
> 
> Thomas, I'm having a hard time substantiating this claim.
> According to my rmadison:
> krb5 | 1.6.dfsg.4~beta1-5lenny2 | proposed-updates | source
> 
> I believe that's also the same version in stable-security.
> 
> Looking at what commits were merged to the lenny-security branch in my
> git, I do not believe any of the changes related to this bug are in
> stable.  In fact, the code necessary to disable weak crypto support in
> the manner done recently in unstable was *introduced* in krb5 1.7;
> stable has 1.6.4 roughly.
> 
> Now, it's possible I did something really stupid on the packaging front.
> If I did somehow manage to upload krb5 1.8 to stable and call it 1.6
> that would be disastrous as you claim.  However can I get you to
> approach this with the assumption that something non-obvious is going on
> here and check your details and let me know what you're seeing?
> 
> --Sam




