RFC: -server packages universe demotions and main promotions
Kees Cook
kees at ubuntu.com
Mon Dec 7 21:33:06 GMT 2009
On Fri, Dec 04, 2009 at 08:54:47PM +0100, Reinhard Tartler wrote:
> Mathias Gug <mathiaz at ubuntu.com> writes:
> > The Ubuntu Server team would like to get your feedback on whether the packages
> > listed below should be demoted to universe or promoted to main.
> >
> > [...]
> >
> > == Proposed universe demotion ==
> >
> > # nis
>
> Especially in university environments, nis is still really used a lot.
> At least at the place I work, all our student and employee user
> databases handled for unix systems are maintained in nis. True, ldap is
> superiour in many ways, but unless there is a compelling reason for
> demoting it, I'd rather have it in main.
NIS is pretty insecure, so it is in everyone's best interest to encourage
the use of other technologies. Having it out of main doesn't mean
it can't be used, it just isn't officially support. As an example,
telnetd (inetutils) isn't in main either, but if you really want it,
you can still use it.
+1 to demote nis.
> > # racoon
> > # ipsec-tools
>
> No ipsec support in main at all? Also mandatory for ipv6 AFAIUI.
racoon is from ipsec-tools, so this is the same thing. I'm still confused
about this, but it seems that there are very few ways to do ipsec keying.
I'm for dropping ipsec-tools, given its vulnerability history, but I do
not have a recommendation for what SHOULD be the supported IPSEC keying
system.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-devel
mailing list