[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Offer to take over the shadow package (passwd and login binary packages)

Hello folks,

The shadow package is officially maintained by Karl Ramm, with
assistance by Sam Hartman. It is the source package for "login" and
"passwd", two important pieces of Debian base system.

I have helped Karl in collecting the package translations (both
debconf and programs translations) for more than one year now.

Since July 2004, I've got no news from Karl and any further attempt to
get in touch with him has been unsuccessful. Even before this, it
became quite obvious that the package is not very actively maintained.

Karl is listed in the MIA lists and it becomes quite obvious that he
is really MIA. I had exchanges with the MIA lists maintainers about this.

I have announced in many places my intent to take over the package
development, which I'm in fact doing since mid 2004 (with NMUs).

As I feel that I don't have the whole required skills for doing so, I
have made my best to gather a mini team of contributors. The team is
quite small at this momennt but I expect more motivated people to join

For instance, Tomasz Kłoczko, the upstream maintainer has joined the
package development list. Tomasz has given a very strong push to the
upstream development and I expect a very good collaboration with him
to make shadow utilities better...and the Debian implementation better
as well.

Sam Hartman also mentioned he may bring some help and is of course
very welcomed.

All other Debian developers (or contributors) who want to contribute
are welcomed to contact me. We will probably specifically need people
with well established skills about system security.

This is is the official announcement of my intent to take over the package
development. I hesitated a lot before doing so as the alternative
would have been to keep a NMU version as the last version released
with sarge. For more clarity on this topic, I finally decided it would
be better to officially act as the package maintainer.

I intent to soon upload a version with the
pkg-shadow-devel@lists.alioth.debian.org mailing list as
"Maintainer:", so that the lists gets the bug reports and all other
stuff related to the package development and myself and Sam Hartman as

This will be the 4.0.3-31 release of the package. It will be exactly
similar to the current 4.0.3-30.10 release of the package except the
maintainer and uploader changes.

The plans for the future are:

-Before sarge release:

 -continue to improve the l10n in shadow, if still possible, with no
  other update, except of course RC issues. This will be the
  4.0.3-31sarge series
  Even the request for making login non setuid is delayed post-sarge
  after advice received from the release managers.

 -maybe launch some work in experimental to integrate upstream 4.0.7
  (see below)

-In Etch (ie after sarge release)

 -examine all Debian-specific patches to upstream sources one by one
  and discuss them with upstream. My intent is to minimize them as
  much as possible and have them integrated upstream if possible

  For this, the 4.0.3-32 release will use dpatch to isolate all these
  patches. This is already made in the CVS on Alioth, indeed, thus the
  devel list members may already begin to review these patches

 -integrate all this to upstream's 4.0.7 release, looking one by one
  to Debian specific changes and decide whether:
  -they're already here in 4.0.7
  -they are not and should be dropped
  -they are not, should be kept and integrated upstream
  -they are not, should be kept but should be kept as Debian specific

  The goal here is to have a Debian version which is as close as
  possible from the upstream version.

  These last plans may of course be changed, depending on the
  discussions we will have on the package development list.

Please, feel free to comment about all this. Any input is welcomed.


Reply to: