- The package is not lintian clean
- It ships its own tftpd server, which is undesirable
- Has had 5 CVEs assigned since 2009.
- It ships an upstart job that runs cobblerd. While it listens on the loopback interface and is written in Python, it runs as root
- While I did not perform an in-depth audit, the most cursory inspection of code shows that various parts of it are not coded well (e.g., use of 'os.system', predictable filenames, etc.)

I don't think cobbler is supportable for 5 years and would greatly prefer to keep it out of main. I am in discussions with the server team on alternatives. If maas moved away from cobbler (LP: #975473) in the 12.04.1 timeframe, it might be acceptable to keep cobbler in main with 18 months support (with a release note stating this), but a condition of the main inclusion would be an apparmor profile.

** Changed in: cobbler (Ubuntu)
   Status: New => In Progress

** Changed in: cobbler (Ubuntu)
   Assignee: Jamie Strandboge (jdstrand) => Andres Rodriguez (andreserl)

https://bugs.launchpad.net/bugs/950193

Title:
  [FFe] [MIR] Cobbler
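
The two code patterns named in the review above ('os.system' and predictable filenames) can be flagged mechanically during a first pass over a Python package. The following is an added example, not part of the original message and not cobbler code: the `audit` and `dotted` helpers and the sample source are constructed for illustration, and the check also covers `os.popen` and `tempfile.mktemp`, which the message does not name.

```python
import ast

# Constructed sample input, not taken from cobbler's source tree.
SAMPLE = '''
import os, tempfile
def sync(name):
    os.system("rsync -a /srv/" + name + " /var/lib/out")
    log = open("/tmp/sync.log", "w")
    lock = "/var/tmp/%s.lock" % name
    fd, path = tempfile.mkstemp(prefix="sync-")
    old = tempfile.mktemp()
'''

WORLD_WRITABLE = ("/tmp/", "/var/tmp/")
RISKY_CALLS = {
    "os.system": "shell command built from a string",
    "os.popen": "shell command built from a string",
    "tempfile.mktemp": "race-prone temporary name",
}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def audit(source):
    """Return sorted (line, finding) tuples for the two patterns."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in RISKY_CALLS:
                findings.add((node.lineno, f"{name}: {RISKY_CALLS[name]}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # A literal path under a world-writable directory is guessable.
            if node.value.startswith(WORLD_WRITABLE):
                findings.add((node.lineno,
                              f"fixed path {node.value!r} in a world-writable directory"))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in audit(SAMPLE):
        print(f"line {line}: {finding}")
```

Findings from a pass like this are leads for manual review, which matters most for code reachable from a daemon running as root; `tempfile.mkstemp` and argument-list `subprocess` calls are not flagged.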