Folks, For a long time, the Debian pam package has been carrying a local patch to add support for Linux capabilities in pam_limits. While catching up on bug triage work on the package, I've come to the conclusion that this functionality is broken, useless, and that no one actually uses it; it was broken for several years, leaking memory for longer, and now that it's fully "fixed" it's still insanely cumbersome to use, so I conclude that no one actually uses it or we would have heard complaints before now.
For gory details on what's wrong with pam_limits' capabilities support, please see bug #440130. The short summary, though, is that unless someone speaks up in defense of this code, preferably with a clear explanation of how it's possible to do anything useful with it, I'm planning to kill off this patch in the near future. Advantages of doing so are one less local patch being carried around that's not up to snuff for upstream, and being able to drop libcap1 from the base system since libpam-modules is the only base package that depends on it. Comments? Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
