[Proposal] Samba 3.2.0 to replace 3.0.22

James Peach jpeach at samba.org
Wed Jan 11 00:30:51 GMT 2006


On Mon, 2006-01-09 at 09:18 -0600, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> James Peach wrote:
> 
> > Which of these result in incompatible changes with 3.0.*?

[snip]

> Here's the specifics of Volker's changes as I understand
> them.  The new code places unmapped groups into the new
> internal domain.  This can potentially break any security
> descriptor on a file that has been created under POSIX
> and copied to an NTFS drive since we previously applied
> an RID algorithm to such unmapped groups.
> 
> Of course, one possibility to solve this is to create a
> static mapping for such groups via and upgrade script,

Ok, so some sites might already have files out there with broken
security descriptors.

When they upgrade to *any* version of Samba with Volker's changes, this
problem will be exposed, regardless of whether that version is 3.0.23 or
3.2. If you put out a 3.2 release and don't fix anything in the 3.0
series, the problem gets worse, since there will be more broken
descriptors on files in the wild.

Administrators need to be aware of the problem and they need tools to
detect and solve it. If this is a real problem, I don't think release
management is the solution.

-- 
James Peach | jpeach at samba.org



More information about the samba-technical mailing list