Bug#429688: update on pushmi ITP

To: 429688@bugs.debian.org
Subject: Bug#429688: update on pushmi ITP
From: David Bremner <bremner@unb.ca>
Date: Tue, 30 Oct 2007 15:00:50 +0100
Message-id: <[🔎] 0ttzo81z3h.wl%bremner@pivot.cs.unb.ca>
Reply-to: David Bremner <bremner-dated-1194962460.def35a@pivot.cs.unb.ca>, 429688@bugs.debian.org

Pushmi depends on memcached to deal with locking of the
repository.  I'm not really comfortable with the lack of security (in
this application) of the current debian version of memcached;
essentially anyone on the same host has access to the daemon.
Probably it is difficult to do much worse than a denial of service
attach, but better to be cautious.  The next upstream release of
memcached (1.2.4?) should include better support for unix domain
sockets, at which point I plan to move forward with the packaging of
pushmi.

The patch to memcached, along with some startup changes, can be found
in BTS

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446606

Reply to:

Prev by Date: Processed: retitle 441323 to RM: sope -- RoQA; no users, RC-buggy, reassign 441323 to ftp.debian.org
Next by Date: Processed: retitle 411875 to RM: linux-igd -- RoQA; unmaintained, RC-buggy, reassign 411875 to ftp.debian.org
Previous by thread: Processed: retitle 441323 to RM: sope -- RoQA; no users, RC-buggy, reassign 441323 to ftp.debian.org
Next by thread: Processed: retitle 411875 to RM: linux-igd -- RoQA; unmaintained, RC-buggy, reassign 411875 to ftp.debian.org
Index(es):
- Date
- Thread