Disable SMB2 for 3.6?
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Jul 7 09:23:59 MDT 2011
On Thu, Jul 07, 2011 at 05:20:33PM +0200, Michael Adam wrote:
> > We just can't ship if SMB2 is compiled in. The basic
> > architecture of the server is many months old, and nobody
> > detected this flaw. There have been many improvements in
> > 3.6, so I think shipping 3.6 without
> > SMB2 is still worth it. SMB2 should wait until 4.0.
>
> My spontaneous vote is as Simo said, to rather fix this issue and
> possibly delaying the release a bit than not officially shipping
> with SMB2 support.
I'm scared of the deep architectural security flaws that are
still in the code that will open up ourselves to very
high-profile security bugs. This needs to just take a LOT
more very close review, and we can't just postpone all the
other nice 3.6 features, as for example improved printing.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
More information about the samba-technical
mailing list