[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#830907: RFS: pam-u2f/1.0.4-0.1 [NMU]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "pam-u2f"

 * Package name    : pam-u2f
   Version         : 1.0.4-0.1
   Upstream Author : Yubico AG
 * URL             : https://developers.yubico.com/pam-u2f/
 * License         : BSD
   Section         : admin

It builds those binary packages:
  libpam-u2f - universal 2nd factor (U2F) PAM module
  pamu2fcfg  - universal 2nd factor (U2F) PAM module command-line helper tool

My prepared upload can be found on mentors.debian.net:

  https://mentors.debian.net/package/pam-u2f

Alternatively, one can download the package with dget:

    dget -x https://mentors.debian.net/debian/pool/main/p/pam-u2f/pam-u2f_1.0.4-0.1.dsc


This upload brings v1.0.4 to the archive, which fixes a potential
security issue (see [0] for details), and enables build-time hardening
features.

Moreover, it fixes a number of minor issues:
- use HTTPS for the Vcs-Git link;
- bump Standards-Version to 3.9.8 (no change required);
- install the pam_u2f(8) manpage in the corresponding package,
  rather than in pamu2fcfg.


I am aware that sponsored NMUs are not a sane way to maintain this
package in the long term.  As such, I reached out to the pkg-auth team,
applied for membership there, and suggested several changes to make the
maintainance of those packages easier.


Best,

  nicoo

[0] https://developers.yubico.com/pam-u2f/Release_Notes.html
Reply to: