Lorens Kockum said something to the effect of: "Why get asked at all whether to run shadow passwds?"
There are multiple buffer overrun bugs in the shadow passwd suite as used by debian. The bugs seem to take different forms in hamm than they do in bo; I'm not sure why. I reported this as a critical bug in login (to the effect that if lines in /etc/group are too long, NO ONE LOGS IN), but the only reply I have received to date is the automatic reply from the debian bugs robot. It is my opinion that the shadow passwd suite needs to be thoroughly and completely shaken down. It's my understanding: -that any bug that would prevent anyone logging in, is critical; if I'm wrong on this, let me know, and I'll reset the bug severity to something less than this. Note, however, that such a bug has security implications as well, especially in the presence of buffer overrun problems. The silence after posting the bug makes me suspect this is maybe the case, or that the shadow passwd suite is orphaned. Could someone please let me know either way? -that if a bug which is critical is not resolved, new versions of debian will not be released. -Jim -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
