[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intro + Re: Heads up: Bug#981055: O: john -- active password cracking tool

Hi Samuel,

sorry for the late reply. I subscribed, but forgot that I had a
procmail filter for debian lists which are not explicitly sorted into
my default inbox. So I saw your mail just now.

Samuel Henrique wrote on Tuesday:
> If I understood correctly, you're working (or about to start working)
> on packaging the jumbo version of john, is that correct?

Yes and no. TL;DR: I've chosen the better safe than sorry approach.

I already did a QA upload of john and created a repo under debian/john
with the result of "gbp import-dscs --debsnap" for this. What I
already fixed/added in that upload is multithreading and one of two
cron job issues. They were all low hanging fruit, have nearly no
regression potential, but the package gains quite a bit in usability.

In the meanwhile I already copied to pkg-security-team (because moving
to other teams doesn't seem to be allowed) and started on team
integration.

Will hopefully finish that part this night and upload. Didn't find
much time for packaging the past few days.

I though do _not_ intent to import 1.9.0 or the Jumbo patch before
Bullseye. There are quite some reverse dependencies to john and I do
not want to break any of them at this stage of the freeze as I don't
know that much about the Jumbo patch. I just know that Kali already
has it (and 1.9.0) packaged.

I also have not much of an idea how well the licenses of the Jumbo
patch have been reviewed for inclusion in Debian, which could pose
another source for RC bugs.

> I haven't looked deep into the kali packaging[0] of it yet so I don't
> have an idea of how much work it will be, so feel free to ask for
> help.

Well, my plan on this is to work on it once all that "last chance to
get things into bullseye" stress is over. Current idea:

* Check how much the packaging from Kali and Debian differs.
* Check how well debian/copyright was maintained in Kali for the jumbo
  patch part.
* Eventually merge the two packagings and upload the result to
  Experimental (at least if we're still in the freeze then).

> [0] https://gitlab.com/kalilinux/packages/john

Thanks for that link.

In other news: I just uploaded plaso with the last RC bug fixed.
(Raphaël uploaded the other RC fix earlier today and with this, he
paved the way for me so that I could continue working on the package.
Thanks!)

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
Reply to: