Bug#298060: (forw) Bug#298060: Please don't install login as setuid root
Subject: Re: Bug#298060: (forw) Bug#298060: Please don't install login as setuid root
X-message-flag: Outlook is a good virus spreading tool. It can send mail, too.
Quoting Martin Schulze (firstname.lastname@example.org):
> When no code needs to be changed but only the suid bit dropped
> and login still works as expected, I don't see a reason not to
> drop the setuid bit, even the contrary, I wonder why it is setuid
> root in the first place.
Well, should I take this as the official Security Team advice ?
If so, the conclusion would be : the Security Team is OK for the
change while the Release Team is not really pushing it...which would
then draw the conclusion for me : delay the change as the priority now
is to release.
I could for sure upload something changed to experimental. But, well,
I simply don't feel I have the resources for handling two branches for
shadow at this moment.