Offer to take over the shadow package (passwd and login binary packages)
The shadow package is officially maintained by Karl Ramm, with
assistance by Sam Hartman. It is the source package for "login" and
"passwd", two important pieces of the Debian base system.
I have helped Karl in collecting the package translations (both
debconf and programs translations) for more than one year now.
Since July 2004, I've got no news from Karl and any further attempt to
get in touch with him has been unsuccessful. Even before this, it
became quite obvious that the package is not very actively maintained.
Karl is listed in the MIA lists and it becomes quite obvious that he
is really MIA. I had exchanges with the MIA lists maintainers about this.
I have announced in many places my intent to take over the package
development, which I have in fact been doing since mid 2004 (with NMUs).
As I feel that I don't have the whole required skills for doing so, I
have done my best to gather a mini team of contributors. The team is
quite small at this moment but I expect more motivated people to join
For instance, Tomasz Kłoczko, the upstream maintainer has joined the
package development list. Tomasz has given a very strong push to the
upstream development and I expect a very good collaboration with him
to make shadow utilities better...and the Debian implementation better
Sam Hartman also mentioned he may bring some help and is of course
All other Debian developers (or contributors) who want to contribute
are welcome to contact me. We will probably specifically need people
with well established skills about system security.
This is the official announcement of my intent to take over the package
development. I hesitated a lot before doing so as the alternative
would have been to keep a NMU version as the last version released
with sarge. For more clarity on this topic, I finally decided it would
be better to officially act as the package maintainer.
I intend to soon upload a version with the
email@example.com mailing list as
"Maintainer:", so that the list gets the bug reports and all other
stuff related to the package development and myself and Sam Hartman as
This will be the 4.0.3-31 release of the package. It will be exactly
similar to the current 4.0.3-30.10 release of the package except the
maintainer and uploader changes.
The plans for the future are:
-Before sarge release:
  -continue to improve the l10n in shadow, if still possible, with no
   other update, except of course RC issues. This will be the
   Even the request for making login non setuid is delayed post-sarge
   after advice received from the release managers.
  -maybe launch some work in experimental to integrate upstream 4.0.7
-In Etch (ie after sarge release)
  -examine all Debian-specific patches to upstream sources one by one
   and discuss them with upstream. My intent is to minimize them as
   much as possible and have them integrated upstream if possible
   For this, the 4.0.3-32 release will use dpatch to isolate all these
   patches. This is already made in the CVS on Alioth, indeed, thus the
   devel list members may already begin to review these patches
  -integrate all this to upstream's 4.0.7 release, looking one by one
   to Debian specific changes and decide whether:
    -they're already here in 4.0.7
    -they are not and should be dropped
    -they are not, should be kept and integrated upstream
    -they are not, should be kept but should be kept as Debian specific
The goal here is to have a Debian version which is as close as
possible to the upstream version.
These last plans may of course be changed, depending on the
discussions we will have on the package development list.
Please feel free to comment about all this. Any input is welcome.