On Mon, Feb 20, 2012 at 07:36:14PM +0000, Adam D. Barratt wrote: > On Mon, 2012-02-20 at 19:15 +0100, Moritz Muehlenhoff wrote: > > On Mon, Feb 20, 2012 at 11:04:20AM +0100, Thijs Kinkhorst wrote: > > > The patch looks good, but the targeted distribution should be 'stable', > > > not 'stable-security', as the intention was to fix this through a stable > > > point update.
I misunderstood. Sorry about that. > > The fix needs to be acked by the stable release managers, adding them to CC. > > Hmmm, it would be nicer if it were still possible to log commands that > the key /should/ be permitted to access, but I'm guessing that would be > a more involved and invasive change. This isn't an access list; it's a forced command, overriding whatever the client tries to do. If authentication succeeds and it gets as far as executing the command, then that's already logged at -d in the server; see session.c:do_exec. > Based on the debdiff in > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445#29 , please go > ahead (with the distribution set to "stable" or "squeeze"). Uploaded, thanks. -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
