Bug#298060: (forw) Bug#298060: Please don't install login as setuid root
debian-release@lists.debian.org
Cc: 298060-submitter@bugs.debian.org
Bcc:
Subject: Re: Bug#298060: (forw) Bug#298060: Please don't install login as setuid root
Reply-To:
In-Reply-To: <[🔎] 20050307181816.GW5330@finlandia.infodrom.north.de>
X-message-flag: Outlook is a good virus spreading tool. It can send mail, too.
X-pot_a_miel: honeypot@kheops.frmug.org
Quoting Martin Schulze (joey@infodrom.org):
> When no code needs to be changed but only the suid bit dropped
> and login still works as expected, I don't see a reason not to
> drop the setuid bit, even the contrary, I wonder why it is setuid
> root in the first place.
Well, should I take this as the official Security Team advice ?
If so, the conclusion would be : the Security Team is OK for the
change while the Release Team is not really pushing it...which would
then draw the conclusion for me : delay the change as the priority now
is to release.
I could for sure upload something changed to experimental. But, well,
I simply don't feel I have the resources for handling two branches for
shadow at this moment.
Reply to: