Re: nis 3.8-0.1 on axp
On Tue, 24 Oct 2000, Miquel van Smoorenburg wrote:
> It appears to be a normal thing that security NMUs are done without
> waiting for a reply from the real maintainer of a package. Oh well.
This is pretty normal, but necessary in a way, unfortunately. I guess the
need to have a fix before the problem goes very public is a big motivating
factor. I linger on the security list for announcements just in case one
of my packages is involved.
> I'd probably have packaged the same packages, since there were no
> real changes from ypbind-mt-3.6 to ypbind-mt-3.7 - only some cosmetic
> fixes and ofcourse the security hole was plugged. Nothing that seems
> related to what you are experiencing.
Any chance that someone could send me a diff between the two? I can at
least look over the changes to see if there's something obvious that could
cause a problem on a 64-bit machine.
> The only way this can be fixed is if someone with an Alpha is able
> to reproduce, debug and fix this, I'm afraid... the package works
> fine on i386 (except for the broken Depends: line in the woody version)
I wish I had NIS set up here, but I don't :-( I can only do a code review
of it since I can't debug it otherwise (unless someone can give me simple
directions on setting up a very temporary NIS testing environment).
C
Reply to: