[oi-dev] samba security

Alasdair Lumsden alasdairrr at gmail.com
Sun Apr 15 18:31:16 UTC 2012


On 15 Apr 2012, at 18:59, Martin Walter wrote:

> Would it be not easier and better to just make the newest version available?
> E.g. I would much more prefer just a samba-3.6.4 package than an updated samba-3.5.5.

Yes, if we were on the new build system. So updating samba for /experimental wouldn't be too hard.

But samba for oi_151a is stuck in an old build system, so updating it would require more effort than anyone we have is willing to take on. And as Rich pointed out, isn't really what the stable branch is about.

If you have time you could have a look to see if there is a patch that applies against samba-3.5.5 that fixes the CVE. The usual place to look is other distro's patch sets against samba where their version is close to ours. *That* would be genuinely helpful and more use to us than building stuff :-)

Cheers,

Alasdair





More information about the oi-dev mailing list