[opensuse-factory] krb5-kvno-230379.patch
HI! I'm trying to upgrade the Kerberos packages to 1.14 which contains lots of major changes. Therefore I wonder whether the failing krb5-kvno-230379.patch [1] is still needed. In the patch file the following ticket is referenced: http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349 The ticket was created back in 2006 and it mentions upgrade issues from W2K to W2K3. Since even W2K3 will be out-of-service pretty soon I'm inclined to simply drop this patch. Any thoughts on this? Ciao, Michael. [1] https://build.opensuse.org/package/view_file/network/krb5/krb5-kvno-230379.p...
08.12.2015 23:58, Michael Ströder пишет:
HI!
I'm trying to upgrade the Kerberos packages to 1.14 which contains lots of major changes. Therefore I wonder whether the failing krb5-kvno-230379.patch [1] is still needed.
In the patch file the following ticket is referenced:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349
The ticket was created back in 2006 and it mentions upgrade issues from W2K to W2K3. Since even W2K3 will be out-of-service pretty soon I'm inclined to simply drop this patch.
Any thoughts on this?
This patch allows keytab entries that match any KVNO; removing this patch will break setup for anyone relying on it. It looks like only remotely related to bug report itself - as bug report states "we have keytabs with KVNO == 1 and cannot rewrite them", so adding ability to use keytab with KVNO == 0 hardly helps here. Of course it does allow preparing for unknown KVNO in advance, but it could also be used unintentionally.
Ciao, Michael.
[1] https://build.opensuse.org/package/view_file/network/krb5/krb5-kvno-230379.p...
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Andrei Borzenkov wrote:
08.12.2015 23:58, Michael Ströder пишет:
I'm trying to upgrade the Kerberos packages to 1.14 which contains lots of major changes. Therefore I wonder whether the failing krb5-kvno-230379.patch [1] is still needed.
In the patch file the following ticket is referenced:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349
The ticket was created back in 2006 and it mentions upgrade issues from W2K to W2K3. Since even W2K3 will be out-of-service pretty soon I'm inclined to simply drop this patch.
Any thoughts on this?
[1] https://build.opensuse.org/package/view_file/network/krb5/krb5-kvno-230379.p...
This patch allows keytab entries that match any KVNO; removing this patch will break setup for anyone relying on it.
It looks like only remotely related to bug report itself - as bug report states "we have keytabs with KVNO == 1 and cannot rewrite them", so adding ability to use keytab with KVNO == 0 hardly helps here. Of course it does allow preparing for unknown KVNO in advance, but it could also be used unintentionally.
I'm rather reluctant to keep such a local patch in crypto software. Especially the question is: If there's a valid use-case why wasn't that added to upstream source code? Ciao, Michael.
Michael Ströder wrote:
Andrei Borzenkov wrote:
08.12.2015 23:58, Michael Ströder пишет:
I'm trying to upgrade the Kerberos packages to 1.14 which contains lots of major changes. Therefore I wonder whether the failing krb5-kvno-230379.patch [1] is still needed.
In the patch file the following ticket is referenced:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349
The ticket was created back in 2006 and it mentions upgrade issues from W2K to W2K3. Since even W2K3 will be out-of-service pretty soon I'm inclined to simply drop this patch.
Any thoughts on this?
[1] https://build.opensuse.org/package/view_file/network/krb5/krb5-kvno-230379.p...
This patch allows keytab entries that match any KVNO; removing this patch will break setup for anyone relying on it.
It looks like only remotely related to bug report itself - as bug report states "we have keytabs with KVNO == 1 and cannot rewrite them", so adding ability to use keytab with KVNO == 0 hardly helps here. Of course it does allow preparing for unknown KVNO in advance, but it could also be used unintentionally.
I'm rather reluctant to keep such a local patch in crypto software.
Especially the question is: If there's a valid use-case why wasn't that added to upstream source code?
Hmm, the patch filename let's me conclude it might be related to this bug: https://bugzilla.suse.com/show_bug.cgi?id=230379 But: "You are not authorized to access bug #230379." Ciao, Michael. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Michael Ströder <michael@stroeder.com> writes:
Hmm, the patch filename let's me conclude it might be related to this bug:
That's a completely unrelated bug. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, Dec 09, 2015 at 11:31:24AM +0100, Michael Ströder wrote:
Michael Ströder wrote:
Andrei Borzenkov wrote:
08.12.2015 23:58, Michael Ströder пишет:
I'm trying to upgrade the Kerberos packages to 1.14 which contains lots of major changes. Therefore I wonder whether the failing krb5-kvno-230379.patch [1] is still needed.
In the patch file the following ticket is referenced:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349
The ticket was created back in 2006 and it mentions upgrade issues from W2K to W2K3. Since even W2K3 will be out-of-service pretty soon I'm inclined to simply drop this patch.
Any thoughts on this?
[1] https://build.opensuse.org/package/view_file/network/krb5/krb5-kvno-230379.p...
This patch allows keytab entries that match any KVNO; removing this patch will break setup for anyone relying on it.
It looks like only remotely related to bug report itself - as bug report states "we have keytabs with KVNO == 1 and cannot rewrite them", so adding ability to use keytab with KVNO == 0 hardly helps here. Of course it does allow preparing for unknown KVNO in advance, but it could also be used unintentionally.
I'm rather reluctant to keep such a local patch in crypto software.
Especially the question is: If there's a valid use-case why wasn't that added to upstream source code?
Hmm, the patch filename let's me conclude it might be related to this bug:
https://bugzilla.suse.com/show_bug.cgi?id=230379
But: "You are not authorized to access bug #230379."
No, the number is not a SUSE Bug (bug 230379 is about something entirely different). Might be an attachment number? unclear. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Marcus Meissner wrote:
On Wed, Dec 09, 2015 at 11:31:24AM +0100, Michael Ströder wrote:
Michael Ströder wrote:
Andrei Borzenkov wrote:
08.12.2015 23:58, Michael Ströder пишет:
I'm trying to upgrade the Kerberos packages to 1.14 which contains lots of major changes. Therefore I wonder whether the failing krb5-kvno-230379.patch [1] is still needed.
In the patch file the following ticket is referenced:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349
The ticket was created back in 2006 and it mentions upgrade issues from W2K to W2K3. Since even W2K3 will be out-of-service pretty soon I'm inclined to simply drop this patch.
Any thoughts on this?
[1] https://build.opensuse.org/package/view_file/network/krb5/krb5-kvno-230379.p...
This patch allows keytab entries that match any KVNO; removing this patch will break setup for anyone relying on it.
It looks like only remotely related to bug report itself - as bug report states "we have keytabs with KVNO == 1 and cannot rewrite them", so adding ability to use keytab with KVNO == 0 hardly helps here. Of course it does allow preparing for unknown KVNO in advance, but it could also be used unintentionally.
I'm rather reluctant to keep such a local patch in crypto software.
Especially the question is: If there's a valid use-case why wasn't that added to upstream source code?
Hmm, the patch filename let's me conclude it might be related to this bug:
https://bugzilla.suse.com/show_bug.cgi?id=230379
But: "You are not authorized to access bug #230379."
No, the number is not a SUSE Bug (bug 230379 is about something entirely different).
Might be an attachment number? unclear.
Hmm, so this turns into kind of archaeological work to find out why the patch is there and whether to put effort into updating it. My suggestion: Let's drop it. Ciao, Michael.
participants (4)
-
Andreas Schwab -
Andrei Borzenkov -
Marcus Meissner -
Michael Ströder