[RFC] Discontinuing SWAT

Jelmer Vernooij jelmer at samba.org
Fri Apr 26 00:04:02 MDT 2013


On Thu, Apr 25, 2013 at 11:48:51PM +0200, Kai Blin wrote:
> I think it's time to put SWAT out of its misery. In the past few years,
> the only commits ever touching it were either API housekeeping or fixing
> remote root exploit security issues.
> 
> The last time we had to do the latter, I accidentally broke password
> changes for users, and neither I nor any of the people reviewing the
> changes noticed. I take that as a sign that nobody is really interested
> in maintaining SWAT, and I think it is becoming a larger liability over
> time. Considering how large of an attack surface a web app is offering,
> we should not have one of them in our core release.
> 
> There might be the need for a web-based Samba configuration tool, but I
> don't think SWAT is fulfilling that need well enough.
+1

Despite the concern that's been expressed about the status of SWAT a couple of
times over the last couple of years, nothing has really happened. It's 
better to remove it than to let it simmer in its current unusable state.

If we want to have a web interface, then I suspect it would be easier to build
something new from the ground up than to update the current SWAT anyway.

Cheers,

Jelmer

