| Summary: | net-misc/openssh-4.6_p1-r2 needs an updated ldap patch | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | vannessz <tjzero> |
| Component: | New packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | andre.hinrichs, jeff, mister.woody, qa, XL |
| Priority: | High | ||
| Version: | 2007.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
vannessz
2007-08-03 14:17:22 UTC
vanessz: Please actually write a decent summary next time you file a bug. While there is indeed the error message, in the best of all worlds it should never happen that an ebuild errors out this way. Especially since the ldap use flag is set by default in our profiles. I don't know who chose to do so, but it was a very bad choice. Better actions would have been not to mark the ebuild stable until the issue is sorted out or to place a message in the appropriate channels (GWN, announcement list, forums) and remove the ldap use flag. Removal of the ldap USE flag is not a proper solution, unless it is done on a per-package basis. If we can't get the LDAP patch ported in a timely manner, maybe we should really revisit why we're deviating from upstream in the first place. public announcements mean squat when someone upgrades their openssh only to find they cant log in anymore ... that is exactly what happens when something like USE=ldap gets silently dropped from a core package like openssh See my comment http://bugs.gentoo.org/show_bug.cgi?id=183958#c13 Stabilizing everything up to -4.5* seems to be OK, but 4.6* simply doesn't work with "ldap" in USE which is a profile default ... // default-linux/x86/2007.0/desktop/make.defaults Of course I can either mask 4.6* or add "-ldap" to "package.use", but I simply can't understand the strategy behind this "stabilizing all". I guess that currently quite a lot of "gentoo users" will get a "booo" when "updating world". Could someone explain, whether this is by intention, i. e. a method to inform users that they should remove "ldap" from openssh USE, or not. Axel maybe if you read this bug (comment #3) you'd find all your questions already answered user convenience loses here Can you please explain better comment #3? I am not sure I understand what you are suggesting with that New patch is available. http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch Re-assigning since I really don't have time for it. (In reply to comment #6) > Can you please explain better comment #3? I am not sure I understand what you > are suggesting with that That removing USE=ldap to avoid this issue is a Bad Idea (TM) :P (In reply to comment #8) > (In reply to comment #6) > > Can you please explain better comment #3? I am not sure I understand what you > > are suggesting with that > > That removing USE=ldap to avoid this issue is a Bad Idea (TM) :P > Yeah I think that for example the Gentoo infra runs openssh with LDAP support. I still don't get ist. If updating to 4.6* would solve a security issue, I would understand the need/pressure to stabilize it. But actually most users will get "booo-ed", because of "ldap" in USE and will furthermore get the suggestion to mask 4.6*. So it can't be a security issue. The obvious question is Why are you stabilizing 4.6*, althought it is known to not build for almost everyone?" and not Should "ldap" be removed from openssh USE? Axel Andrea: remind me to stab you next time i see you added updated patch to 4.6_p1-r3 |
