On 02/20/2019 11:10 AM, Eli Schwartz via arch-general wrote: > From a QA point of view, if no one found the packages which lack a > policy in the several years the pambase ticket was open for, then > putting a permissive policy back in place means we will, once again, > never find these packages. Well, that is somewhat a "straw-man" argument. I is rather difficult to find packages which lack a policy when (1) you don't know there is a pambase bug open or (2) that a default change to pambase is coming until things start breaking. The last note on the homepage is for "ibutf8proc>=2.1.1-3 update requires manual intervention" from July 2018. I don't mind learning PAM, but it is horribly inconvenient when you have time-critical documents to scan for the Court that suddenly won't make it from the copier to the server any more. Somewhere there is a fine line between what a normally adept user should be expected to know and topics that developers are working with. That was made clear when public posts to the arch-dev list were suspended. Knowing that there are likely a number of packages that still need a policy, like vsftpd, is there somewhere we should keep a list so that packages can include the policy and an install script? Or should we just mail the maintainer directly? Doesn't seem like a bug is warranted, but I'll defer to whatever the consensus is. -- David C. Rankin, J.D.,P.E.
Attachment:
signature.asc
Description: OpenPGP digital signature
