Disable SMB2 for 3.6?
ronniesahlberg at gmail.com
Fri Jul 8 06:45:02 MDT 2011
+1 for what Volker says.
If it has been in there for months and no one has noticed. It means
virtually no real world exposure.
Who knows what else will show up after a few more kilo/mega-hours of real use.
No one benefits from a "uncertain quality release".
Better drop SMB2 from the release until such stage it is both well
tested, mature and stable.
Volkers data suggests it is neither well tested nor mature so
therefore I think it should be dropped.
Drop smb2 for now, and add it back later.
On Fri, Jul 8, 2011 at 1:23 AM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Thu, Jul 07, 2011 at 05:20:33PM +0200, Michael Adam wrote:
>> > We just can't ship if SMB2 is compiled in. The basic
>> > architecture of the server is many months old, and nobody
>> > detected this flaw. There have been many improvements in
>> > 3.6, so I think shipping 3.6 without
>> > SMB2 is still worth it. SMB2 should wait until 4.0.
>> My spontaneous vote is as Simo said, to rather fix this issue and
>> possibly delaying the release a bit than not officially shipping
>> with SMB2 support.
> I'm scared of the deep architectural security flaws that are
> still in the code that will open up ourselves to very
> high-profile security bugs. This needs to just take a LOT
> more very close review, and we can't just postpone all the
> other nice 3.6 features, as for example improved printing.
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
More information about the samba-technical