From: Leo Famulari
To: Maxim Cournoyer
Cc: 34632@debbugs.gnu.org
Subject: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Sun, 17 Mar 2019 14:27:05 -0400
Message-ID: <20190317182705.GD1410@jasmine.lan>

On Fri, Mar 15, 2019 at 11:43:26PM -0400, Maxim Cournoyer wrote:
> Unmaintained on what ground? The website doesn't list fresh news,
> but the latest release was made in 2014 [1], and the maintainer has made
> changes to the Debian package last time in 2017 [2]. I wouldn't say it's
> unmaintained until the maintainer says so or CVEs pile up unfixed (which
> there aren't).

Considering the rate of vulnerability discovery in MIT Kerberos [0] I
think that, if GSS was being examined to the same degree, we would learn
of many serious bugs. Any significant C codebase of this age will have
such bugs. But unfortunately GSS hasn't received as much scrutiny.

[0] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=krb5