Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1

To: Sam Hartman <hartmans@debian.org>
Cc: 939890@bugs.debian.org, "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
From: Josue Ortega <josue@debian.org>
Date: Mon, 09 Sep 2019 20:48:43 -0700
Message-id: <[🔎] e7960d38f782f7f0b76b71e64a13e2cb@debian.org>
Reply-to: josue@debian.org, 939890@bugs.debian.org
In-reply-to: <[🔎] tsla7bc52gz.fsf@suchdamage.org>
References: <[🔎] 156805731668.7862.3594192859954452301.reportbug@Trillian> <[🔎] b3186c6cf86fcadf83716662510812fa91e97292.camel@adam-barratt.org.uk> <[🔎] 156805731668.7862.3594192859954452301.reportbug@Trillian> <[🔎] a6b0032d2e6051375f29970ab2dbd3f7@debian.org> <[🔎] tslv9u13si4.fsf@suchdamage.org> <[🔎] 20190910012607.GA32333@debian.org> <[🔎] tsla7bc52gz.fsf@suchdamage.org> <[🔎] 156805731668.7862.3594192859954452301.reportbug@Trillian>

On 2019-09-09 20:06, Sam Hartman wrote:

> It seems concerning to decrease the security of  rpcbind to the NIS
> level with no option for the user to request the higher level of
> security.

You have a very good point here. Helped me to fully understand the
situation
 
> I do agree that fixing nis for stable is desirable.
> My recommendation would be to:
> 
> 1) Make this runtime configurable with an rpcbind command line option
> rather than a compile time option.
> The patche looks relatively simple to do that.

I will prepare the patch and submit the new debdiff ASAP

--
Josue

Reply to:

References:
- Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
  - From: Josue Ortega <josue@debian.org>
- Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
  - From: Josue Ortega <josue@debian.org>
- Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
  - From: Sam Hartman <hartmans@debian.org>
- Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
  - From: Josue Ortega <josue@debian.org>
- Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
  - From: Sam Hartman <hartmans@debian.org>

Prev by Date: Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
Next by Date: Bug#931949: marked as done (transition: proj)
Previous by thread: Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
Next by thread: Processed: Re: Bug#939890: buster-pu: package rpcbind/1.2.5-0.3+deb10u1
Index(es):
- Date
- Thread