[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#744718: pu: samba4/4.0.0~beta2+dfsg1-3.2+deb7u1

Ivo De Decker <ivo.dedecker@ugent.be> writes:

> The attached patch removes the samba4 binary package. Please accept it
> for wheezy, even though it's clear that this is not a nice option.

> The samba4 source package in wheezy contains a beta version of samba
> 4.0. Most samba functionality is disabled in this package, because it is
> provided by the samba package (version 3.6.6) in wheezy. Only the samba
> AD DC functionality is enabled, but it is severely limited.

> There is no security support for this beta version of samba. It is
> vulnerable to a number of public issues.

> The samba4 package in wheezy is not suitable for usage in a production
> environment. It should not have been released with wheezy.

It's possible that you've already done this, but if not, I recommend also
coordinating this with the Debian security team as well.  When things like
this have happened in the past, they've released an "end of life" security
advisory to notify Debian stable users that a given package will not
receive security support and should be considered insecure.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: