From: Maxim Cournoyer
To: mbakke@fastmail.com
Cc: 34632@debbugs.gnu.org
Subject: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Fri, 15 Mar 2019 23:43:26 -0400
Message-ID: <87o96bqyap.fsf@gmail.com>
In-Reply-To: <87tvg323ak.fsf@gnu.org> ("Ludovic Courtès"'s message of "Fri, 15 Mar 2019 23:14:43 +0100")
References: <20190223162042.18168-1-mbakke@fastmail.com> <20190226045813.GA29580@jasmine.lan> <87tvg323ak.fsf@gnu.org>

Hello!

On Sat, Feb 23, 2019 at 05:20:42PM +0100, Marius Bakke wrote:
> The GNU Generic Security Service and friends have been unmaintained for
> many years now: .
>
> Since these libraries are security-critical, it would be good to switch
> to maintained implementations. WDYT?

Unmaintained on what ground? The website doesn't list fresh news, but the latest release was made in 2014 [1], and the maintainer has made changes to the Debian package last time in 2017 [2].

I wouldn't say it's unmaintained until the maintainer says so or CVEs pile up unfixed (which there aren't). So, my position would be to not do anything, as there doesn't seem to be an issue.

Maxim

[1] ftp://ftp.gnu.org/gnu/gss/
[2] https://sources.debian.org/src/gss/1.0.3-3/debian/changelog/