As the person who fixed the bug, and who is responsible for LTSPFS upstream, allow me to interject.
LTSPFS, or, for that matter, LTSP in the large, never had much of a security model. X was always launched without auth, LTSPFS had no security, etc. This is true for every version of LTSP from 1 to 4.2 When the original bug was filed, causing LTSPFS to gain some security, it required a fairly major rewrite of LTSP. Including going from the older Python LDM to the newer C one. The massive changes to LTSP that occurred at that time and the resulting backport that were necessary were more than the limited pool of volunteer LTSP developers could handle at the time. I think we need to be clear about what's "Ubuntu" and what's upstream. Ubuntu, the distro, reported a security flaw in LTSPFS. LTSP's response was to completely re-work LTSP, in essence, producing a whole new version. One that was almost impossible to backport into the distro. This is simply an outcropping of the policy of "The release in the distro should stay constant.". Hope this, if nothing else, provides some historical background. Cheers, Scott -- LTSPFS security is broken https://bugs.launchpad.net/bugs/133635 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
