On Wed, Jan 11, 2012 at 03:12:39PM -0700, Bdale Garbee wrote: > On Sun, 11 Sep 2011 11:14:39 -0700, Kees Cook <k...@debian.org> wrote: > > Package: sudo > > Version: 1.7.4p6-1 > > Severity: normal > > Tags: patch > > User: ubuntu-de...@lists.ubuntu.com > > Usertags: origin-ubuntu oneiric ubuntu-patch > > > > The "mail_badpass" option should be enabled by default, since bad password > > attempts mask attempts at running sudo when not allowed (mail_no_user, > > etc). > > I'm ok with the idea of enabling mail_badpass by default in Debian, but > believe it should be done by adding that option to the sudoers Defaults > definition, not through a source patch. > > Is there some reason that wouldn't work for you?
It turns out to be the same, I just felt it was a stronger default in the code. I don't have a strong opinion. -Kees -- Kees Cook @debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
