[Pkg-openldap-devel] RE: LDAP/BDB log purging (fwd)
Quanah Gibson-Mount
quanah at stanford.edu
Tue Mar 6 23:41:26 UTC 2007
--On Tuesday, March 06, 2007 11:48 AM -0800 Russ Allbery <rra at debian.org>
wrote:
> Could be any number of different reasons including focusing on later
> versions of Berkeley DB (if they don't use OpenLDAP or other really
> intensive applications, they may be mostly using 4.4 themselves) or, for
> that matter, just not being horribly active. There haven't been many
> db4.2 uploads in the last year.
Just to follow up on this point -- I understand the desire to move away
from BDB 4.2. However, I feel that as long as it is being offered, I would
expect it to be maintained well at least as far as using what the upstream
provider says is necessary. The patch in question has been out for nearly
2 years (March 22, 2005), and was noted as a requirement for use with
OpenLDAP 2.3. If there was a major security vulnerability announced in the
OpenLDAP 2.1 libraries, and a patch was provided by upstream to handle it,
I'd expect that would end up in Debian as long as the 2.1 libraries are
offered. With a database, I'd expect fixes that cause data corruption to
be added to the package as long as it is made available. It may not be a
security vulnerability, but it is a severe problem that affects the users
of the software, and I know they have expectations as to how they believe
the product is packaged and its reliability.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html