On Thu, Aug 30, 2012 at 06:07:55PM +0800, Thomas Goirand wrote: > On 08/30/2012 03:20 AM, Adam D. Barratt wrote: > > On Thu, 2012-08-30 at 03:01 +0800, Thomas Goirand wrote: > >> Please unblock package xen-api. > >> The PAM fix which we did for version 1.3.2-10 wasn't correct, and thanks to > >> the help of Steve Langasek, we have it in a good shape now. > >> The details of the conversation is available in the Ubuntu BTS here: > >> https://bugs.launchpad.net/ubuntu/+source/xen-api/+bug/1033899 > > Trying to view that conversation gives me: > > Launchpad.net > > Lost something? > > This page does not exist, or you may not have permission to see it. > > That's not particularly helpful... :/ > Indeed, this is a permission problem in this page, its marked as > "Private Security". I'm not sure how the Ubuntu stuff works though. > I'm not a PAM specialist, and I'm afraid I can't comment much in here. > Mike is unfortunately away for a while (I'm not sure I should disclose > why), so he wont be able to explain what was wrong in version -10. I > have to admit that I was busy doing other stuff, and that I'm not sure > what the problem was. > Steve, can you comment about the changes in the PAM settings committed > in this latest version of XCP, and explain to the release team why we > needed to change it and unblock the fixed xen-api/1.3.2-11? Thanks in > advance. I've talked to the Ubuntu security team and they've unembargoed the bug; there's no reason to keep it private when there's public conversation pointing at the fact that it's a security issue. So that link works now. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: Digital signature