[RFC] Discontinuing SWAT

C.J. Adams-Collier KF7BMP cjac at colliertech.org
Thu Apr 25 17:14:38 MDT 2013

On Fri, 2013-04-26 at 08:33 +1000, Andrew Bartlett wrote:
> On Thu, 2013-04-25 at 23:48 +0200, Kai Blin wrote:
> > Hi folks,
> > 
> > I think it's time to put SWAT out of its misery. In the past few years,
> > the only commits ever touching it were either API housekeeping or fixing
> > remote root exploit security issues.
> > 
> > The last time we had to do the latter, I accidentally broke password
> > changes for users, and neither me nor any of the people reviewing the
> > changes noticed. I take that as a sign that nobody is really interested
> > in maintaining SWAT, and I think it is becoming a larger liability over
> > time. Considering how large of an attack surface a web app is offering,
> > we should not have one of them in our core release.
> > 
> > There might be the need for a web-based samba configuration tool, but I
> > don't think SWAT is fulfilling that need well enough.
> The main thing I've see folks really want from SWAT is the connection
> between the smb.conf parameter and the help section.  We may well be
> able to solve that simply with a testparm option that prints the manpage
> section after each parameter. 
> I'll also note that this is the second time removing it has been
> proposed (I did so in Feb), and there were no violent objections last
> time, just the above desire that SWAT's sections and manpage link made
> the smb.conf more accessible.  Perhaps make 'SWAT GTK rewrite' a SoC
> project and see if we get any takers?
> Andrew Bartlett

For what it's worth, my opinion as a user of samba for about 15 years is
that SWAT has not been very helpful for me for many years.  I do
remember depending on it for the first few months and years that I used
samba to set up my smb.conf file, and I might not have been able to get
a working environment without the web interface at that phase in my
professional development.  As much as I like the idea of throwing out
code that gets more CVEs than it does commits, it would be best to
ensure that there is an interface for our less skilled users available
during a deprecation phase that we can recommend loudly instead.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130425/5ba61e6b/attachment.pgp>

More information about the samba-technical mailing list