Bug#565143: Maybe update cron to cronie instead?

To: 565143@bugs.debian.org
Subject: Bug#565143: Maybe update cron to cronie instead?
From: Javier Fernandez-Sanguino <jfs@computer.org>
Date: Wed, 17 Mar 2010 12:46:54 +0100
Message-id: <[🔎] f3c99a81003170446l1159ab1doe96590a3fdab3198@mail.gmail.com>
Reply-to: Javier Fernandez-Sanguino <jfs@computer.org>, 565143@bugs.debian.org
In-reply-to: <f3c99a81003170406o7d5718c2p99ffe5eea91a0531@mail.gmail.com>
References: <f3c99a81003170406o7d5718c2p99ffe5eea91a0531@mail.gmail.com>

Hi,

For those reviewing/thinking on helping with this RFH bug it is worth
noting that Vixie's cron is rather dead upstream, there have been no
changes post the 4.1 release available at
http://ftp.isc.org/isc/cron/ (dated january 2004)

In the meantime, the Red Hat / Fedora folks have forked off vixie-cron
into cronie "recently" (2008, IIRC) and this project [1] has since
been adopted by  Mandriva and Gentoo folks too. Maybe cron should be
updated to this fork instead. This fork probably fixes many of the
open bugs in Debian but could also introduce some new (like
CVE-2010-0424 which looks seems to be specific to 4.1 and thus to cronie [2])

Forward porting the Debian patches to this fork is still a large
amount of work, however, more so since the fork has already diverted a
lot from the original codebase (4.1)

Regards

Javier


[1] https://fedorahosted.org/cronie/
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0424
and
http://security-tracker.debian.org/tracker/CVE-2010-0424

Reply to:

Prev by Date: Processed: r2275 - in packages/ttf-kacst-one/trunk: . debian
Next by Date: Bug#574294: ITP: haskell-explicit-exception -- Haskell exceptions which are explicit in the type signature
Previous by thread: Processed: r2275 - in packages/ttf-kacst-one/trunk: . debian
Next by thread: Bug#574294: ITP: haskell-explicit-exception -- Haskell exceptions which are explicit in the type signature
Index(es):
- Date
- Thread