Jan, On Fri, Sep 10, 2010 at 11:25:14PM +0200, Jan Dittberner wrote: > I just uploaded pam-pgsql/0.7.1-3 to unstable. The new upload fixes #594721 > and > #596375. The first bug is security related, the patch is in production use by > the bug submitter and looks sane to me. The second bug is RC because it would > break upgrades from Lenny.
I don't see how the "support Postgres' md5 hashes" is security related. "I can only use this table if I do $foo" while $foo is maybe not sane doesn't qualify as a security bug in my books. This is fun, too: +TODO (see http://dep.debian.net/deps/dep3/): +Last-Update: 2010-08-28 +Forwarded: <no|not-needed|url proving that it has been forwarded> +Reviewed-By: <name and email of someone who approved the patch> That said I wouldn't oppose it, despite it not fitting the freeze guidelines. As for #596375: it looks RC-ish. I'm a bit stunned that there's neither a manpage, nor it's shipped with a configuration file at the default location you suggest. After all, you could pass config_file to the module to use a different one, and those will still break. I'm not sure how to handle this case properly, though, and I'd strongly suggest an entry in NEWS.Debian. Kind regards, Philipp Kern
signature.asc
Description: Digital signature
