Bug#1106402: dpkg-source, native source package format with non-native version

2025-06-02 Thread Sam Hartman
> "Timo" == Timo Röhling writes: Timo> Guillem argues in the original bug that the versioning scheme Timo> is an important part of the distinction between native and Timo> non-native packages and explicitly encoded as such in Debian Timo> Policy. Several of us argued both bac

Bug#1103034: libpam-modules: pam 1.7.0 behavior changed with regards to DNS domain resolution

2025-05-25 Thread Sam Hartman
> "Alban" == Alban Browaeys writes: Alban> Have you seen my update on this issue ? Ie the release is Alban> close. I don't know how to diagnose this issue further (ie Alban> why LAN domain is not resolved at all by pam_access). And I Alban> don't think I will be able to devot

Bug#1106402: dpkg-source, native source package format with non-native version

2025-05-24 Thread Sam Hartman
> "Ian" == Ian Jackson writes: Ian> I would like the Technical Committee to explicitly use its Ian> power in Constitution 6.1 (1) "Decide on any matter of Ian> technical policy" to decide that: Ian, thanks so much for pushing this forward. I support Ian's request, his reasoning

Bug#1104882: bookworm-pu: package krb5/1.20.1-2+deb12u4

2025-05-07 Thread Sam Hartman
> "Bastien" == Bastien Roucaries writes: Thanks, Bastien, for preparing this update. I do have a couple of comments for the stable release team to consider: Bastien> [ Reason ] CVE-2025-3576 Bastien> [ Impact ] CVE-2025-3576 is not fixed. It's not clear what the impact of this is.

Bug#1104643: Don't consider tests during build that can use internet if available as rc buggy

2025-05-05 Thread Sam Hartman
> "Pirate" == Pirate Praveen writes: Pirate> That was a temporary error. By disabling that test, we are Pirate> losing out on useful tests. I think we absolutely do not want a failure in an external service to cause a package to FTBFS either on buildds or for individual users. Ideal

Bug#1103856: pam: Consider increasing the default memlock from the current 8MiB to 64MiB

2025-04-22 Thread Sam Hartman
> "Soren" == Soren Stoutner writes: Soren> The purpose of this bug report is to ask if there are any Soren> downsides to setting the default memlock value to 64 MiB. If Soren> not, would that be a change you would be willing to make? I think it would be relatively harmless to r

Bug#1094969: git linked with OpenSSL

2025-04-14 Thread Sam Hartman
ld of endeavor. In other words, such a license would not be DFSG free. --Sam

Bug#1094969: git linked with OpenSSL

2025-04-14 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> brian m. carlson (one of the git upstream copyright holders) Chris> claims in Bug #1094969 that git cannot be distributed when Chris> linked with OpenSSL. IIRC the Debian position is to use the Chris> system library exception. T

Bug#1103034: libpam-modules: pam 1.7.0 behavior changed with regards to DNS domain resolution

2025-04-14 Thread Sam Hartman
> "Alban" == Alban Browaeys writes: Alban> Is this change in domain resolution a regression or a fix ? I think both behaviors are reasonable and so I do not propose to diverge from upstream in this regard.

Bug#1094245: New upstream version xxx

2025-04-12 Thread Sam Pinkus
On Fri, 7 Mar 2025 17:45:29 +0100 (CET) Thorsten Glaser wrote: > >> Note that problem back then was that the shipped archived > >> contained m4 files so the autogen step did not "help". > > the attack actually *relied* on doing so. > Just to clarify what you're saying here: the attack relied on

Bug#1102030: lacme: wildcard subjectAltName rejected with "Warning: Ignoring invalid domain"

2025-04-03 Thread Sam Birch
support wildcard certs, but I would very much enjoy having that support. Thanks, -sam P.S.: I am sorry that I am reporting from a somewhat old Ubuntu system. I looked in your git repo and the same behavior seems to be present in the latest version of lacme. -- System Information: Debian Release

Bug#1056337: ugh. please disregard this, there it is: firewalld

2025-03-16 Thread Sam Lander
-- Sam Lander 0414 626 080

Bug#1056337: dnsmasq: DHCP non-response, comparing against isc-dhcpd

2025-03-16 Thread Sam Lander
Package: dnsmasq Followup-For: Bug #1056337 X-Debbugs-Cc: sam.lan...@gmail.com Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? * What exactly did you do (or not do) that was effective (or ineffective)?

Bug#1100540: RM: node-websocket [armel] -- ICE; bus error in tests on build

2025-03-14 Thread Sam Hartman
Package: ftp.debian.org Severity: normal X-Debbugs-Cc: debian-...@lists.debian.org, node-websoc...@packages.debian.org User: ftp.debian@packages.debian.org Usertags: remove User: debian-...@lists.debian.org Usertags: armel node-websocket has fallen out of trixie because it bus errors on one

Bug#1100135: Conflict between Podman Profile and Pasta profile breaks rootless network shutdown

2025-03-11 Thread Sam Hartman
package: apparmor version: 4.1.0~beta5-3 severity: important x-debbugs-cc: pod...@packages.debian.org, pa...@packages.debian.org, golang-github-containers-com...@packages.debian.org, tim.mil...@hadronindustries.com Recently I started running into the following error shutting down containers with

Bug#1099625: krb5: machine-readable copyright

2025-03-09 Thread Sam Hartman
I have reviewed and this looks good. Will merge. How much work was involved in putting this together and what tools did you use?

Bug#1094730: News of this bug

2025-03-09 Thread Sam Hartman
A 0-day NMU would be appreciated. I am behind on Debian and will not catch up within the next week or two. > "Bastien" == Bastien Roucariès writes: Bastien> Hi, I can NMU this bug for SID if needed Bastien> Bastien

Bug#1099817: plasma-desktop: change `plasma5-integration` dependency to recommends?

2025-03-08 Thread Sam Uienn
be removed for those who aren't using any Qt5-based programs? Many thanks, Sam

Bug#1091868: debian-policy: Document Git-Tag-Tagger and Git-Tag-Info fields

2025-02-21 Thread Sam Hartman
> "Sean" == Sean Whitton writes: Sean> It's from the VALIDSIG line as documented here: Sean> . Sean> The text there doesn't guarantee that the fingerprint will be Sean> the signing subkey, if there is one, but somewhat imp

Bug#1091868: debian-policy: Document Git-Tag-Tagger and Git-Tag-Info fields

2025-02-20 Thread Sam Hartman
> "Ian" == Ian Jackson writes: Ian> Sean Whitton writes ("Bug#1091868: debian-policy: Document Ian> Git-Tag-Tagger and Git-Tag-Info fields"): >> Package: debian-policy X-debbugs-cc: >> ijack...@chiark.greenend.org.uk >> From: Sean Whitton Ian> ... >> +.. _s-f-Git

Bug#1084761: Patch for usr.bin.evince?

2025-02-08 Thread Sam Pinkus
Can confirm same issue. Anyone have a reasonable patch we can make to the usr.bin.evince profile to fix this?

Bug#866340: Debian 12 Bookworm

2025-02-05 Thread Sam Pinkus
Just discovered this on Debian 12 bookworm which doesn't even have a syslog daemon by default anymore. How did this get even out of testing? Cheers.

Bug#1095194: hurd_no_setfsuid patch breaks pam_modutil_regain_priv

2025-02-04 Thread Sam Hartman
I'm not convinced this is critical, but it is some variant of RC. Proposed solution is to rebase the hurd patch (gbp pq import; git rebase -i; edit the commit) to modify the top level meson.build to include the header test. Then gbp pq export and commit the modified patches. If someone gets to t

Bug#799214: License review: tarsnap

2025-02-04 Thread Sam Hartman
> "Simon" == Simon Josefsson writes: Simon> All, Is the license below acceptable for inclusion into Simon> 'non-free'? It is claimed to cover the tarsnap software, see Simon> https://github.com/Tarsnap/tarsnap and Simon> https://www.tarsnap.com/ for background. I think Andre

Bug#1094853: pam: building with or without bison

2025-02-03 Thread Sam Hartman
licitly find a compiler in the top level meson.build, although only use that meson object for autoconf-style probing of the system. We never tell it to use that compiler for building executables. So there's a lot going on implicitly. --Sam

Bug#1095048: /usr/lib/systemd/user/podman-restart.service: user level podman-restart should not run as root

2025-02-02 Thread Sam Hartman
Package: podman Version: 5.3.2+ds1-1 Severity: important File: /usr/lib/systemd/user/podman-restart.service X-Debbugs-Cc: hartm...@debian.org, hartm...@debian.org I upgraded from bookworm to trixie, and discovered that several of my services were not working. I logged into the container host and

Bug#1094853: pam: building with or without bison

2025-02-01 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> What is being disabled here is the generation of Helmut> /usr/share/doc/libpam-doc/txt/draft-morgan-pam-current.txt.gz. This Helmut> file is missing from the current libpam-doc package. Is that Helmut> intentional? No. I had entirel

Bug#1094245: New upstream version xxx

2025-01-29 Thread Sam Pinkus
ackage source. I don't know what you want me to do here. Other than adding ./autogen.sh as part of the build process which is already handled. I'm simply suggesting using the Github source as the upstream not the Github release tarball. Regards, Sam.

Bug#1094245: New upstream version xxx

2025-01-26 Thread Sam Pinkus
Package: xz-utils Version: 5.6.3 Severity: normal Tags: security Presumably these commits are taking some upstream release archive and extracting it over main branch of https://salsa.debian.org/debian/xz-utils.git? git log --pretty=format:'%h%x09%an%x09%ad%x09%s' --grep "New upstream ver

Bug#1094145: debian-policy: Remove or significantly minimize manual page requirement

2025-01-24 Thread Sam Hartman
> "Jeremy" == Jeremy Bícha writes: FWIW, I think it is desirable to get as many man pages as we can. To that end, I hope policy continues to: *encourage writing man pages * Encourage maintainers to take well written man pages as patches. At the time that section of policy was last written,

Bug#1091864: tech-ctte: Avahi and systemd-resolved cannot a run mDNS responder at the same time

2025-01-24 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> Thank you for giving an example. It helps better me Helmut> understand what you mean with setting policy, but I remain Helmut> unconvinced that this poses a significant enough difference Helmut> that we would not require a super maj

Bug#1068024: Fwd: Accepted xz-utils 5.6.3-1 (source) into unstable

2025-01-24 Thread Sam Pinkus
Hello. Looks fine, but somewhat disconcerting / confusing to see 450 commits from Jia Tan on upstream v5.6.2 and 630 on debian/unstable and debian/5.6.2-1 in https://salsa.debian.org/debian/xz-utils as a result of merge commit 6bd3e4a. On Fri, 25 Oct 2024 08:00:22 +0200 Sebastian Andrzej Siewi

Bug#1091864: tech-ctte: Avahi and systemd-resolved cannot a run mDNS responder at the same time

2025-01-23 Thread Sam Hartman
>>>>> "Helmut" == Helmut Grohne writes: Helmut> Hi Sam and others, thanks for shifting the perspective. Helmut> On Thu, Jan 16, 2025 at 09:49:41AM -0700, Sam Hartman wrote: >> It also seems like the TC has the option of providing policy &g

Bug#1093656: libpam-modules: NEWS entry formatting and typo

2025-01-20 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> https://salsa.debian.org/vorlon/pam/-/merge_requests/23 Merged. Your MR did not mark this bug as closed. I'll try to remember to manually add to the changelog.

Bug#1066060: libpam-modules: pam_lastlog.so missing

2025-01-20 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> No, please don't. We already have a release notes draft for Chris> pam_lastlog2 and the packaging and so on. Confirmed.

Bug#1066060: libpam-modules: pam_lastlog.so missing

2025-01-20 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Hi. I wish I had noticed this back in May, but I missed it then and only ran across it while looking at the new pam build system. It looks like pam_lastlog was deprecated in pam 1.5, but *not* removed. It's a build time option, and it looks like it is

Bug#995236: libpam-modules: pam_limits.so always overwrites rlimits, contrary to man page and upstream behaviour

2025-01-16 Thread Sam Hartman
>>>>> "Simon" == Simon McVittie writes: Simon> On Thu, 16 Jan 2025 at 15:12:01 -0700, Sam Hartman wrote: >> I do think it would be good if su and other privilege gates would >> consider using set_all. Simon> If so, that's surely

Bug#976373: pam_limits no longer defaults to set_all: systemd RLIM_MEMLOCK

2025-01-16 Thread Sam Hartman
control: severity -1 minor control: retitle -1 With set_all, pam_limits sets RLIM_MEMLOCK to 1/8 of memory Hi. Starting with pam 1.7.0, which I am working on, pam_limits will not adjust limits by default. If you do use the set_all option, and do not explicitly set RLIM_MEMLOCK, this issue still wi

Bug#995236: libpam-modules: pam_limits.so always overwrites rlimits, contrary to man page and upstream behaviour

2025-01-16 Thread Sam Hartman
control: tags -1 confirmed > "Simon" == Simon McVittie writes: Simon> History === Simon> This appears to have been caused by a patch submitted in Simon> 2000, originally to fix #63230 Simon> (d/patches-applied/027_pam_limits_better_init_allow_explicit_root). Simon> U

Bug#1092384: krb5: FTBFS: make[1]: *** [debian/rules:111: override_dh_install-arch] Error 1

2025-01-16 Thread Sam Hartman
>>>>> "Adrian" == Adrian Bunk writes: Adrian> Sam, could you make a maintainer upload with this change? Adrian> krb5 is quite central in the OpenLDAP transition that just Adrian> started. Absolutely, thanks for the ping. Will get to it now.

Bug#1093222: Minimizing build-arch for pam

2025-01-16 Thread Sam Hartman
>>>>> "Simon" == Simon McVittie writes: Simon> On Thu, 16 Jan 2025 at 09:38:38 -0700, Sam Hartman wrote: >> But the meson setup call is in override_dh_auto_configure. I >> don't know at that point how to figure out of I am building arch

Bug#1091864: tech-ctte: Avahi and systemd-resolved cannot a run mDNS responder at the same time

2025-01-16 Thread Sam Hartman
> "Michael" == Michael Biebl writes: Michael> Hi Helmut, thanks for the summary. Michael> I also want to mention [0] here. Michael> Am 16.01.25 um 09:32 schrieb Helmut Grohne: >> This gives rise possible CTTE actions. >> >> (O) The CTTE overrules the systemd mainta

Bug#1093222: Minimizing build-arch for pam

2025-01-16 Thread Sam Hartman
package: pam version: 1.5.3-1 severity: wishlist tags: help > "Helmut" == Helmut Grohne writes: [talking about pam manpages] Helmut> From a package building pov, I'd appreciate if you could Helmut> also move the tools for building the manual pages to Helmut> Build-Depends-Indep

Bug#1088923: Please package version 1.7.0

2025-01-13 Thread Sam Hartman
>>>>> "Sam" == Sam Hartman writes: Sam> I have imported the new sources locally and begun rebasing all Sam> the patches. It's proving more challenging than usual. I've pushed an initial set of rebased patches to patch-queue/experimental just

Bug#1092384: krb5: FTBFS: make[1]: *** [debian/rules:111: override_dh_install-arch] Error 1

2025-01-07 Thread Sam Hartman
> "Lucas" == Lucas Nussbaum writes: > install: cannot change ownership of > 'debian/krb5-admin-server/usr/sbin/krb5_newrealm': Operation not permitted It looks like this is a result of defaulting to rules-requires-root: no (was that change in your rebuild?) I think that I need to set rules-

Bug#1088923: Please package version 1.7.0

2024-12-02 Thread Sam Hartman
package: pam version: 1.5.3-7 severity: wishlist Version 1.7.0 has been released. This bug tracks status packaging it. I have imported the new sources locally and begun rebasing all the patches. It's proving more challenging than usual. * Pam has migrated from autotools to meson * Code around se

Bug#1077060: Regression in switch to gnutls: pkcs11 and pkcs12 no longer available

2024-10-30 Thread Sam Hartman
I try something like curl --cert 'pkcs11:manufacturer=piv_II' And I get an error: curl: (3) URL rejected: Port number was not a decimal number between 0 and 65535 Yet I think that's a valid pkcs11 URL.

Bug#1084924: The system-log-daemon virtual package

2024-10-11 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> I see how Ian had a bad experience earlier. His refusal to Helmut> interact with opponents vaguely makes sense on those ground, Helmut> but doesn't help the matter. His refusal to interact with Helmut> CTTE members removes our abilit

Bug#1082430: krb5-kdc, krb5-keytab-backend: Permission mismatch for /etc/krb5kdc/

2024-09-24 Thread Sam Hartman
>>>>> "Russ" == Russ Allbery writes: Russ> I don't think there are obvious security implications (I think Russ> the permissions are more precautionary, and it's also fairly Russ> unlikely that anyone will have installed krb5-wallet before

Bug#1077060: curl: This also applies to PKCS#12

2024-08-27 Thread Sam Hartman
> "Samuel" == Samuel Henrique writes: Samuel> This seems to be the biggest threat to the GnuTLS switch so Samuel> far. Samuel> In the meantime, if any of you could provide an easy Samuel> reproducer, it would save us a bit of time. So, for example with a yubikey with the PIV

Bug#1078026: Meson breakage

2024-08-19 Thread Sam James
Hi, We've had to workaround this in meson's CI by skipping the test for Ubuntu (https://github.com/mesonbuild/meson/commit/9c3dcea2cda3b6eff90e72a826196bfb44d151d8). This is a nasty problem for anyone trying to build openmpi+fortran projects on Ubuntu with meson. Is there anything we can do to h

Bug#829444: Accepting DEP14?

2024-08-16 Thread Sam Hartman
> "Andreas" == Andreas Tille writes: Andreas> Are there any blockers to accept this DEP which I might Andreas> have missed? Honestly, the git-buildpackage default layout is good enough, and dep-14 involves change that doesn't feel like it brings enough value to me. I.E. I think t

Bug#1078688: Please use filecaps for /usr/sbin/unix_chkpwd instead of setgid shadow

2024-08-14 Thread Sam Hartman
> "Daan" == Daan De Meyer writes: Daan> Dear Maintainer, As described in Daan> https://github.com/linux-pam/linux-pam/pull/373, unix_chkpwd Daan> does not need to be setuid or setgid anymore if it is given Daan> cap_dac_override via filecaps instead. I would like debian to

Bug#1074014: Bug#1073608: Bug#1074014: Bug#1073622: Bug#1073608: mksh, pax: no move to /usr going to happen, because:

2024-08-07 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> In bullseye and earlier, I guess it works. Helmut> If you start with bullseye or earlier, upgrade to bookworm Helmut> and then to trixie, it continues to work, because the dash Helmut> maintainer scripts preserve any diversion that

Bug#1077764: Ruling request on os-release specification implementation

2024-08-02 Thread Sam Hartman
ious hacks to do so. What I do not see is a compelling explanation of why Debian as a project wants to encourage that distinction. I agree that people doing a thing is evidence that it has value to those people. But I do not think you provided an explanation of what that value is. If it were easy to distinguish testing from unstable, why would I want to do that? --Sam

Bug#1074014: encode mandatory merged-/usr into policy

2024-07-26 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> seconds from * Chris Hofstaedtler * Holger Levsen * Jochen Helmut> Sprickerhof * Luca Boccassi * Michael Biebl It was my intent to second as well. I like Russ's proposal too.

Bug#1077060: Regression in switch to gnutls: pkcs11 no longer available

2024-07-25 Thread Sam Hartman
package: curl version: 8.8.0-2 severity: important We have been heavily using curl to make API requests using smartcard authentication. We have a private key and certificate on a Yubikey, and we use curl to perform a pkcs11-authenticated login to get an API token. Unfortunately, according to the

Bug#1076449: Workaround, for now

2024-07-22 Thread Sam
Follow up: As a work-around, the following seems to get things to work again (not tested in-depth though): Change line /usr/lib/python3/dist-packages/hgdemandimport/demandimportpy3.py:32 from _deactivated = True to _deactivated = False This allows at least to hg command to be calle

Bug#1076449: Might be a different cause

2024-07-22 Thread Sam
So, I have now two machines where this bug happens, but on a third one (my notebook) there seems to be no problem, despite all of them showing 6.8-1 as the installed version (via `dpkg --list | grep mercurial`). Any recommendations how to make a differential-diagnosis between two systems? I think

Bug#1076449: Same issue

2024-07-21 Thread Sam
Confirmed, this might render any mercurial server unusable in the future.

Bug#858970: please add /etc/krb5.conf.d

2024-07-09 Thread Sam Hartman
> "Andreas" == Andreas Hasenack writes: >> And what dependency should a package that wants to use included >> fragments have to ensure that those included fragments are >> loaded? I don't think you can. An administrator might remove the includedir. krb5.conf might be a symlink.

Bug#858970: please add /etc/krb5.conf.d

2024-07-09 Thread Sam Hartman
> "Russ" == Russ Allbery writes: Russ> Andreas Hasenack writes: >> I opened #1074775[1] to backport the heimdal patches that add >> include and includedir support, filed a couple of salsa PRs[2][3] >> with tests, and they were merged. Once there is a new upload of >> heim

Bug#1075937: breeze-gtk-theme: Change `gtk2-engines-pixbuf` dependency to recommends so GTK2 isn't mandatory

2024-07-07 Thread Sam Uienn
e case for others too, so it would be nice to get rid of this hard dependency. Thanks for considering, Sam

Bug#1075813: Krb5: fails to pick up debian configuration

2024-07-05 Thread Sam Hartman
package: krb5-kdc severity: grave version: 1.21.3-2 A typo in version 1.21.3-2 incorrectly interrupts the configure args, among other things causing sysconfdir to be incorrectly set. This breaks krb5-kdc because it does not read /etc/krb5kdc/kdc.conf. Found by CI tests.

Bug#1063648: krb5: FTBFS on arm64, armel and ppc64el with "Can't resolve hostname" in dh_auto_test

2024-07-05 Thread Sam Hartman
g with more gratuitous environment changes entirely outside my control. I'm kind of tempted to take this to the TC and ask for clarity about what is reasonable to expect from buildds. --Sam

Bug#1074014: encode mandatory merged-/usr into policy

2024-06-21 Thread Sam Hartman
> "Helmut" == Helmut Grohne writes: Helmut> Questions: 1. Do you agree that policy should be changed? Yes. The TC has effectively set policy here already, and while they did not use their power under 6.1.1 to actually officially set project policy, their position has bee

Bug#1073847: Systemd: Fails to restart after OOM

2024-06-19 Thread Sam Bull
Package: mariadb-server Version: 1:10.11.6-0+deb12u1 Severity: important Dear Maintainer, After an OOM kill, the process is not restarted by systemd. In the service file is: Restart=on-abort I believe this should be: Restart=on-abnormal The comment in the file says it doesn't use on-failure in

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

2024-06-14 Thread Sam Hartman
> "Chris" == Chris Hofstaedtler writes: Chris> When building krb5 with sbuild, configured to use the unshare Chris> backend, the t_iprop.py test apparently times out without any Chris> output. I'm guessing, but have not confirmed that sbuild unshare is setting up a network namesp

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

2024-06-11 Thread Sam Hartman
e rationale for this goes back to the Kerberos standard (RFC 4120). --Sam

Bug#1072952: krb5: FTBFS: ../../src/tests/t_iprop.py - E: Build killed with signal TERM after 60 minutes of inactivity

2024-06-10 Thread Sam Hartman
control: tags -1 +help Chris> Filing with severity: serious as the buildd network has Chris> started switching to sbuild with unshare backend, and Chris> multiple people have reproduced this problem. I'm not running sbuild these days; I'm mostly moving toward containerized builds fo

Bug#1056166: systemd-homed: `passwd` fails

2024-05-26 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> Ah thanks for the pointer to the file, I had missed that Luca> somehow in the first reply. I see it now: the pam-config for Luca> unix.so assumes that if something runs before then everything Luca> is done already. Unfortunately that as

Bug#1056166: systemd-homed: `passwd` fails

2024-05-26 Thread Sam Hartman
> "Luca" == Luca Boccassi writes: Luca> https://www.freedesktop.org/software/systemd/man/latest/pam_systemd_home.html It's going to be a long time (a couple of weeks) before I have cycles to actually look at systemd-home rather than to answer questions with my pam hat on without looking

Bug#1056166: systemd-homed: `passwd` fails

2024-05-26 Thread Sam Hartman
Hi. I'm not really swapped in on Debian this weekend; dealing with a transition for day job. But quick thoughts. I'm surprised that systemd-home is a pam auth module. That is, I wouldn't expect systemd-home to be able to decide whether you have presented valid credentials to log in. It may be t

Bug#1037084: bookworm: When using gdm3 to start non-GNOME wayland sessions, PATH may be set differently

2024-05-08 Thread Sam Hartman
> "Santiago" == Santiago Vila writes: Santiago> Hello. My plan for base-files is to stop overriding the Santiago> PATH in /etc/profile. Santiago> Ubuntu did that a long time ago and it's probably the Santiago> right thing to do. I'd be happy to pick up the Ubuntu patch to i

Bug#1070072: RM: moonshot-ui -- ROM; poorly maintained upstream

2024-04-29 Thread Sam Hartman
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot...@packages.debian.org Control: affects -1 + src:moonshot-ui After discussing with upstream, we no longer believe it makes sense to include the moonshot suite in a stable Lin

Bug#1070071: RM: moonshot-gss-eap -- ROM; poorly maintained upstream

2024-04-29 Thread Sam Hartman
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot-gss-...@packages.debian.org Control: affects -1 + src:moonshot-gss-eap After discussing with upstream, we no longer believe it makes sense to include the moonshot suite in a

Bug#1070070: RM: moonshot-trust-router -- ROM; poorly maintained upstream

2024-04-29 Thread Sam Hartman
Package: ftp.debian.org Severity: normal User: ftp.debian@packages.debian.org Usertags: remove X-Debbugs-Cc: moonshot-trust-rou...@packages.debian.org Control: affects -1 + src:moonshot-trust-router After discussing with upstream, we no longer believe it makes sense to include the moonshot s

Bug#1068017: Y2038-safe replacements for utmp/wtmp and lastlog

2024-04-26 Thread Sam Hartman
of Fedora have been moving to logind to handle utmp functionality. You will start to see the first impacts of that in pam unstable. --Sam

Bug#1069858: libkrb5-3: krb5.conf seems to ignore rdns = false

2024-04-25 Thread Sam Hartman
> "Lukas" == Lukas Grässlin writes: Lukas> We have a scenario where we need to disable reverse lookups for Lukas> canonicalization in Kerberos as the customer's PTR records are not Lukas> consistent and lead to wrongly requested SPNs otherwise (see Lukas> https://web.mit.e

Bug#1069772: pmbootstrap: description doesn't tell me what the package does

2024-04-24 Thread Sam Hartman
package: pmbootstrap version: 2.2.1-1 severity: minor The description should tell the user what postmarket OS is. That is for example more important than knowing the package uses alpine chroots in determining whether this package is useful to me as a user. --Sam

Bug#1065806: fixed in pam 1.5.3-7

2024-04-09 Thread Sam Hartman
>>>>> "Christoph" == Christoph Anton Mitterer writes: Christoph> Hey Sam. Christoph> There's a typo in the NEWS entry: >> this user a group name that differs from the user name or add Christoph> | Christoph>

Bug#1068017: [Pkg-shadow-devel] Bug#1068017: util-linux: please ship liblastlog2 packages

2024-04-08 Thread Sam Hartman
I've read the wiki page. I'm fine with the proposed approach. I note that by including pam_lastlog2.so in a pam-auth-update configuration, other services (gdm, for example) will include lastlog info. The fact that gdm and other display managers do not include pam_lastlog.so suggests that it's u

Bug#1065806: pam: recent upgrade changes previous default umask

2024-04-08 Thread Sam Hartman
control: clone -1 -2 control: retitle -2 Document pam_umask change in release notes

Bug#1065806: pam: recent upgrade changes previous default umask

2024-04-08 Thread Sam Hartman
> "Professor" == Professor Jeebs writes: Professor> I prefer the way it is handled per user.  There is a related, commented Professor> out, option in /etc/skel/.profile, which lands in new user directories, Professor> which I have never touched the umask part until now.  I unc

Bug#1068192: debian-policy: extended forbidden network access to contrib and non-freeo

2024-04-05 Thread Sam Hartman
> "Aurelien" == Aurelien Jarno writes: Aurelien> If we go that route, here is a proposed alternative patch: Aurelien> --- a/policy/ch-source.rst Aurelien> +++ b/policy/ch-source.rst Aurelien> @@ -338,7 +338,8 @@ Aurelien> For example, the build target should pass ``--di

Bug#1067079: Clarify that policy on a technology does not implicitly mandate that technology

2024-03-26 Thread Sam Hartman
ment is one I think should be valid in form, although at the current time I think it is liked based on a false premise. The second argument can be dismissed because of its form. I think the first argument requires more consideration, and I think your proposal would remove that consideration, even if reworded. --Sam

Bug#1066979: common-auth: sudo should not have incorrect password delay

2024-03-17 Thread Sam Hartman
> "Tim" == Tim Hutt writes: Tim> By default, on Debian and derivatives, `sudo` has a ~2 second Tim> delay for incorrect password attempts. This serves no security Tim> purpose whatsoever and merely annoys the user. It's not obvious to me that it serves no security purpose. Why can

Bug#1065702: krb5-kdc: uninstallable due to hard-coded dependency on libverto-libev1 | libverto-libevent1,

2024-03-09 Thread Sam Hartman
>>>>> "Steve" == Steve Langasek writes: Steve> Hi Sam, Steve> I've run into a problem with openldap not being Steve> bootstrappable for the time_t transition because it Steve> build-depends on krb5-kdc, and krb5-kdc is uninstallable

Bug#1065170: tech-ctte: Requesting advice on glib2.0 #1065022, file deletion by postrm during t64 transition

2024-03-04 Thread Sam Hartman
> "Matthew" == Matthew Garrett writes: Matthew> I agree with the conclusions drawn here, but feel that it's Matthew> possibly worth making a stronger general statement that Matthew> policy should never prevent the implementation of a Matthew> well-considered simple solution. I

Bug#1065170: tech-ctte: Requesting advice on glib2.0 #1065022, file deletion by postrm during t64 transition

2024-03-01 Thread Sam Hartman
Are there solutions in the space of having glib2.0-0 continue to exist as a package depended on by glib2.0-0t64 or depending on the new library allowing you to replace the postrm? That might create a space in time where glib2.0-0.so does not exist, but we probably have more flexibility there than

Bug#1065017: unuser: error while loading shared libraries: libpam.so.0

2024-02-29 Thread Sam Hartman
at all or if you did, but we're more focused on people who never upgraded. If you do run into breakage, we'll work with you to find a solution. --Sam

Bug#1065088: pam 1.5.3-5 not suitable because pam_userdb is missing

2024-02-29 Thread Sam Hartman
package: pam version: 1.5.3-5 severity: serious This version of pam drops pam_userdb which can break systems that use pam_userdb in their configuration. Long term we do want to split it out and possibly drop. However, this change is purely for the time_t transition and will be reverted. This ve

Bug#1065064: libpam-doc: doc-base reports missing files

2024-02-29 Thread Sam Hartman
> "Colin" == Colin Watson writes: Colin> in those doc-base files but are in fact missing. I don't Colin> know whether this is intentional (in which case the doc-base Colin> registrations should be removed to match), or an accidental Colin> build issue that should be fixed. I

Bug#1065017: unuser: error while loading shared libraries: libpam.so.0

2024-02-29 Thread Sam Hartman
ue and deployed changes like this in production. Steve and I agreed to revert the rename on IRC, effectively accepting the ABI break because it doesn't matter for the archive. We may look at better solutions when we have a bit of time. --Sam

Bug#1065011: libpam0t64 competes for libpam.so.0 symlink against libpam0g (breaks debootstrap)

2024-02-28 Thread Sam Hartman
that possible on arches where the ABI has actually changed. On arches where the ABI is the same, libpam0t64 provides libpam0g, so we can get rid of libpam0g today. --Sam

Bug#1064454: debian-policy: Restrict deb822 field names more

2024-02-22 Thread Sam Hartman
> "Niels" == Niels Thykier writes: Niels> Simon Josefsson: >> Would it make sense to change this to use an inclusive list of >> permitted characters instead? How about checking the field names >> that is in use today, and construct a regexp of permitted symbols >> out of

Bug#1051582: Policy 9.3 (Starting system services) is largely obsolete

2024-02-22 Thread Sam Hartman
> "Sean" == Sean Whitton writes: Sean> In general, I agree with Santiago. I find Policy's current Sean> scope and working process effective, and not especially Sean> ambiguous. I think everyone should read it during the NM Sean> process, if not sooner. Sean> Russ has con

Bug#1060700: Requesting advice regarding the impact of problems caused by aliasing on declared Conflicts

2024-02-20 Thread Sam Hartman
to go down the path until we had better architected tools. I'm not proposing to turn around now, and that may possibly be an area where Matthew and I disagree. But I absolutely want to lend credibility to the idea that we are digging ourselves into a hole, hoping that it will become a tunnel and

Bug#1036884: 64-bit time_t: updated archive analysis, proposed transition plan with timeline

2024-02-13 Thread Sam Hartman
think logistically it would not be desirable for those bugs to be RC at this time. Yes, if not fixed they will eventually need to be, but for example I don't think it would be desirable to block toolchain testing migrations on this issue at this time. And obviously we're not going

Bug#1063648: krb5: FTBFS on arm64, armel and ppc64el with "Can't resolve hostname" in dh_auto_test

2024-02-12 Thread Sam Hartman
> "Simon" == Simon McVittie writes: Simon> It might be relevant that according to #972151, arm-conova-03 Simon> (and perhaps other *-conova-* buildds?) is IPv6-only, with no Simon> IPv4 addresses or routes other than loopback (not even via Simon> NAT). Simon> I believe th
