[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5.
From: |
Leo Famulari |
Subject: |
[bug#34632] [PATCH 0/2] Change from GSS to MIT-KRB5. |
Date: |
Sun, 17 Mar 2019 14:27:05 -0400 |
User-agent: |
Mutt/1.11.3 (2019-02-01) |
On Fri, Mar 15, 2019 at 11:43:26PM -0400, Maxim Cournoyer wrote:
> Unmaintained on what ground? The website doesn't list fresh news,
> but the latest release was made in 2014 [1], and the maintainer has made
> changes to the Debian package last time in 2017 [2]. I wouldn't say it's
> unmaintained until the maintainer says so or CVEs pile up unfixed (which
> there aren't).
Considering the rate of vulnerability discovery in MIT Kerberos [0] I
think that, if GSS was being examined to the same degree, we would learn
of many serious bugs. Any significant C codebase of this age will have
such bugs. But unfortunately GSS hasn't received as much scrutiny.
[0]
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=krb5
signature.asc
Description: PGP signature