[Bug 1783706] Re: [MIR] oath-toolkit

James Page james.page at ubuntu.com
Wed Oct 31 10:46:31 UTC 2018 

Hi Seth

Thank-you for the review.

The fix for the FTBFS is in cosmic-proposed (resolving part of your
feedback on the current state of the package).

I agree that the activity in the project upstream is worrying.

Re code vendoring of gnulib - indeed I'm not a fan for vendoring either
however this does seem to be a pattern that gnulib promotes based on the
comments in #11 (and the fact they have a tool todo this vendoring).

I did dig into whether we could disable this feature in ceph (which
relates to the use of MFA in the Ceph RADOS Gateway - see
http://docs.ceph.com/docs/mimic/radosgw/mfa/) however its not currently
an optional component - we could work upstream to see if this would be
possible, but that's not going to help us in the short term.

Right now we have a bit of a situation in that Ceph in bionic is 12.2.7
and Ceph in the cosmic release pocket is 12.2.4 which creates issues
with upgrades (bug 1800526) so we need to resolve this one way or the
other fairly quickly.

If there is not a path forward that involves use of oath-toolkit from
Ceph, then we need to switch back to the 12.2.x series to resolve the
current issues with upgrades whilst this is resolved.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to oath-toolkit in Ubuntu.
https://bugs.launchpad.net/bugs/1783706

Title:
  [MIR] oath-toolkit

Status in oath-toolkit package in Ubuntu:
  New

Bug description:
  [Availability]
  In universe

  [Rationale]
  New dependency for ceph (radosgw)

  [Security]
  One CVE found:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7322

  Resolved in versions in Ubuntu

  [Quality assurance]
  Upstream tests run as part of package build.

  [Dependencies]
  All in main

  [Standards compliance]
  Older style CDBS package but OK.

  [Maintenance]
  Two non-maintainer uploads in Debian; A new point release is available from 2016
  ubuntu-openstack team in Ubuntu

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/oath-toolkit/+bug/1783706/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list