|
Hello Sven, Yes, this is a problem. I remember we discussed libs3 some time ago, but I did not realize that it has a number of security issues. I do know that it is no longer maintained by the original maintainer. Bacula Systems has been updating the source code as changes are needed to make our cloud driver work. Do you see any other alternative for a C/C++ than to use libs3? For other S3 vendors, Bacula Systems has resorted in using the
vendor supplied command line tools to access the their clouds.
This gets around the incompatibility of S3 implementations
problems, but it opens new problems in that the vendors typically
supply binaries, and if they have problems or bugs there is no way
to fix them. So far, I have no good solution to the problem. I
would be interested in any of your suggestions. In fact, if I thought there were enough Bacula users using AWS S3, I would even consider fixing and maintaining the libs3 package myself. Of course that would be workable only if Debian and perhaps other vendors would adopt such a project. Best regards, Kern On 6/30/19 5:17 PM, Sven Hartge wrote:
On 30.06.19 16:57, Sven Hartge wrote:We would need to ship the special libs3 either as embedded code inside the Bacula source package or package it as a separate libs3-bacula package. Both will get an instant veto from the Security Team and the Release Managers. (Debian Policy §4.13)The main problem here is that libs3 is already in Debian, but in the ancient version 2.0 which doesn't even work with today's S3 anymore. (It really should be removed from Debian, to be honest.)After version 2.0, there have no new official releases been made by the upstream developer and looking at the commit history on Github it seems largely abandoned, aside from some merges PRs here and there. When Bacula Systems implemented the Cloud driver in 2016.12.09 it used the then git-HEAD of the library but it was still in flux back then, so any version a bit older or a bit newer will not work with Bacula, so even if Debian shipped a newer version, it would be incompatible with Bacula. Now, that special version from 2016.12.09 still contains some very jarring problems including buffer overflows or memory leaks. No distribution would want to support that code. But we already went over this back when 9.4.0 was released and Carsten and I tried to package the Cloud driver for Debian but gave up when it dawned on us what an ordeal it would be to achieve this in the constraints of Debian. Grüße, Sve. |
_______________________________________________ Bacula-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/bacula-users
