Jan, On Fri, Sep 10, 2010 at 11:25:14PM +0200, Jan Dittberner wrote: > I just uploaded pam-pgsql/0.7.1-3 to unstable. The new upload fixes #594721 and > #596375. The first bug is security related, the patch is in production use by > the bug submitter and looks sane to me. The second bug is RC because it would > break upgrades from Lenny. I don't see how the "support Postgres' md5 hashes" is security related. "I can only use this table if I do $foo" while $foo is maybe not sane doesn't qualify as a security bug in my books. This is fun, too: +TODO (see http://dep.debian.net/deps/dep3/): +Last-Update: 2010-08-28 +Forwarded: <no|not-needed|url proving that it has been forwarded> +Reviewed-By: <name and email of someone who approved the patch> That said I wouldn't oppose it, despite it not fitting the freeze guidelines. As for #596375: it looks RC-ish. I'm a bit stunned that there's neither a manpage, nor it's shipped with a configuration file at the default location you suggest. After all, you could pass config_file to the module to use a different one, and those will still break. I'm not sure how to handle this case properly, though, and I'd strongly suggest an entry in NEWS.Debian. Kind regards, Philipp Kern
Attachment:
signature.asc
Description: Digital signature