Bugzilla – Bug 1213388
AUDIT-1: pam_dbus: consider dropping this package due to its problematic design
Last modified: 2024-03-11 09:23:56 UTC
We should have a second look at `pam_dbus` as discussed on IRC last week. Devel project: Linux-PAM/pam_dbus The package was last audited 6 years ago [0], where issues have already been raised. On top of that, it uses a D-Bus service configuration ("at_console") that has been deprecated due to possible security issues [1][2][3]. The team's preliminary consensus was that this package should be dropped from openSUSE:Factory and prevented from entering ALP. [0] https://bugzilla.suse.com/show_bug.cgi?id=1039709 [1] https://www.spinics.net/lists/linux-bluetooth/msg75267.html [2] https://lintian.debian.org/tags/dbus-policy-at-console [3] https://devel.fedoraproject.narkive.com/HSrV2HRW/don-t-use-at-console-in-dbus-policy-files
AUDIT-1 should be enough for this topic I guess. There is some time constraint maybe due to ALP though.
I will file a delete request.
In addition to the issues mentioned above, upstream development seems to have ceased. The upstream URL in the spec file [0] and the original Debian package repository [1] do not exist anymore. Debian also dropped it from the distribution a long time ago. [0] http://git.nomeata.de/?p=darcs-mirror-pam-dbus.debian.git;a=summary [1] https://people.debian.org/~nomeata/pam-dbus/ [2] https://packages.debian.org/search?searchon=names&keywords=pam-dbus
https://build.opensuse.org/request/show/1154637
The delete request was been accepted. Closing.