On Sat, Dec 09, 2006 at 11:01:01AM +0100, you wrote:
(Summary: [EMAIL PROTECTED] says patch in #318123 is insufficient)
No shit; I said that when I first saw the patch. The best solution for now is probably just to conflict with libpam-opensc; there's some work on rearchitecting the pam support in xlock, but that's not going to be done soon. The basic problem is that the pam support is rudimentary, and pushing it isn't going to lead to good results.
I still fundamentally disagree that this is a security bug, since it is something that only happens in a non-default configuration, only happens if the system administrator configures it that way, and isn't a working configuration anyway. (So it's not like someone's going to configure it this way and not know there's a problem.)
Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
