[Proposal] Samba 3.2.0 to replace 3.0.22

Gerald (Jerry) Carter jerry at samba.org
Mon Jan 9 14:58:44 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* jerry crawls out of his hole of missed deadlines....

Andrew Bartlett wrote:

> Does the cluster work also fall into this?

I would expect so.

> Personally, I would like to see some enhanced security 
> defaults for Samba 3.2.  For example, a requirement for
> some form of integrity protection on winbindd connections
> (either smb signing, NTLMSSP or schannel pipes etc),
> and dropping of plaintext password support by default.
> 
> Also, if the Samba 3.2 thing is done, I would also like 
> to see some more Samba4 code pulled back.  While pulling back
> GENSEC probably has too many knobs on (have you seen how
> many places the credentials system has it's little fingers
> in? :-), it would be good to see ldb pulled back.


>> And we will continue with any necessary bug fix or security
>> releases for 3.0.x.  Bug fix releases being the 'letter' 
>> releases (3.0.21b, etc, ...) and security fixes eating
>> a minor version number as usual.
> 
> 
> This is the big cost, but perhaps we would have that 
> anyway.  We have been fortunate in that we have not had
> security issues since doing 3.0.20, but I suspect that
> we would all feel a bit bad leaving anybody on < 3.0.20
> high and dry in the case of a security issue.  So perhaps it
> isn't a massive amount more work anyway.  It depends how 
> many 'bug fixes' folks are tempted/demanded to spend
> their time on.

Here's an alternative which might work around some of
the down sides of a new minor number.  We could revive the
3.1.x releases as development releases and just continue
to backport things to 3.0.  That would give us the ability
to release the new test code without upsetting vendors
and existing documentation.  That would also remove most of
the branch maintenance concerns since 3.0.x would still be
the production version but we would have more freedom to
experiment in the 3.1 tree.

The only question is whether or not people would be willing
to test 3.1 code.  We have a problem with wide spread testing
now as it is.  This discussion is far from over I think.






cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDwnokIR7qMdg1EfYRAoOQAJ0SuWPJq/d/nPOhMJBp4SbQIwD47QCgv09S
/LCSLJWYDMiLM55xCVs7TRM=
=dTC/
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list