[Bug 950193] Re: [FFe] [MIR] Cobbler
Jamie Strandboge
jamie at ubuntu.com
Fri Apr 6 20:58:05 UTC 2012
- The package is not lintian clean
- It ships its own tftpd server, which is undesirable
- Has had 5 CVEs assigned since 2009.
- It ships an upstart job that runs cobblerd. While it listens on the loopback interface and is written in Python, it runs as root
- While I did not perform an in-depth audit, the most cursory inspection of code shows that various parts of it are not coded well (e.g., use of 'os.system', predictable filenames, etc.)

I don't think cobbler is supportable for 5 years and would greatly
prefer to keep it out of main. I am in discussions with the server team
on alternatives. If maas moved away from cobbler (LP: #975473) in the
12.04.1 timeframe, it might be acceptable to keep cobbler in main with
18 months support (with a release note stating this), but a condition of
the main inclusion would be an AppArmor profile.

** Changed in: cobbler (Ubuntu)
Status: New => In Progress
** Changed in: cobbler (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Andres Rodriguez (andreserl)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cobbler in Ubuntu.
https://bugs.launchpad.net/bugs/950193
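
The two patterns named in the review above (use of 'os.system', predictable filenames) can be flagged mechanically during this kind of cursory inspection. The following is an added example, not part of the original message and not cobbler code: a small Python `ast` pass run over a constructed sample. The sample source, the `audit` and `dotted` helpers, and the choice to also flag `os.popen` and `shell=True` are assumptions of this example.

```python
import ast

# Constructed sample source for the demo; not taken from cobbler.
SAMPLE = '''
import os, subprocess, tempfile
def sync(name):
    os.system("rsync -a /srv/" + name + " /var/lib/tftpboot/")
    out = open("/tmp/sync.log", "w")
    subprocess.call("ls " + name, shell=True)
    fd, path = tempfile.mkstemp()
    subprocess.call(["ls", name])
'''

SHELL_CALLS = {"os.system", "os.popen"}   # always hand a string to /bin/sh
TMP_DIRS = ("/tmp/", "/var/tmp/")         # world-writable directories

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def uses_shell(call):
    """True when the call passes the literal keyword shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)

def audit(source):
    """Return sorted (lineno, finding) pairs for the flagged patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted(node.func)
        if name in SHELL_CALLS or (name.startswith("subprocess.") and uses_shell(node)):
            findings.append((node.lineno, "shell-call:" + name))
        elif name == "open" and node.args:
            arg = node.args[0]  # only literal paths are checked
            if (isinstance(arg, ast.Constant) and isinstance(arg.value, str)
                    and arg.value.startswith(TMP_DIRS)):
                findings.append((node.lineno, "predictable-tmp:" + arg.value))
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports the `os.system` call, the fixed `/tmp` path and the `shell=True` call, and leaves the `tempfile.mkstemp()` and list-argument `subprocess.call` lines unflagged.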