GNU bug report logs - #34632
[PATCH 0/2] Change from GSS to MIT-KRB5.

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Sat, 23 Feb 2019 16:22:01 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: mbakke <at> fastmail.com
Cc: Ludovic Courtès <ludo <at> gnu.org>, 34632 <at> debbugs.gnu.org, leo <at> famulari.name
Subject: [bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
Date: Fri, 15 Mar 2019 23:43:26 -0400

Hello!

On Sat, Feb 23, 2019 at 05:20:42PM +0100, Marius Bakke wrote:
> The GNU Generic Security Service and friends have been unmaintained for
> many years now: <https://www.gnu.org/software/gss/>.
>
> Since these libraries are security-critical, it would be good to switch
> to maintained implementations.  WDYT?

Unmaintained on what ground? The website doesn't list fresh news,
but the latest release was made in 2014 [1], and the maintainer has made
changes to the Debian package last time in 2017 [2]. I wouldn't say it's
unmaintained until the maintainer says so or CVEs pile up unfixed (which
there aren't).

So, my position would be to not do anything, as there doesn't seem to be
an issue.

Maxim

[1]  ftp://ftp.gnu.org/gnu/gss/
[2]  https://sources.debian.org/src/gss/1.0.3-3/debian/changelog/
This bug report was last modified 2 years and 283 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.