The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Need status reports on PAM and LIBC 6, please



Andrew G. Morgan wrote:

> > galenh >I've been having a terrible time with the 0.55 sources, which I
> > galenh >downloaded out of curiosity.  My gut feeling is "no go".  Let's just
> 
> If there are any problems regarding PAM I would appreciate some email on
> them. PAM is being deployed around the world at a frighteningly fast rate.
> All problems are potential security problems and I will sleep better at
> night to think they are being fixed. At the very least, difficulties
> configuring PAM should be better explained in the documentation.
> 

Okay, I'll be honest here...it turns out the problems I had were
the result of my misunderstanding of the build procedure.  (I'd prefer
a more GNUish configuration/makefile environment, but that's beside
the point.)  Sorry if I scared you. :)

Is anybody currently maintining the PAM libraries?  I'm not quite
crazy enough to volunteer for that task just yet.  I could modify the
su in shellutils to use PAM, and the people responsible for
login/passwd could probably do the same (or cannibalize the RedHat
patches if they're lazy).  This would also affect pppd, xpm, ftpd,
and probably a godzillion others, although since we're not changing
the underlying mechanism (pam_unix just uses the standard library
calls) they should still work.

I echo Bruce's question:  Can we do this without shooting ourselves
in our collective feet?  If we can, we need to know _now_.

--Galen


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com