Upload of john 1.7 to experimental

Javier Fernández-Sanguino Peña jfs at computer.org
Mon Feb 20 17:09:34 UTC 2006


On Mon, Feb 20, 2006 at 05:50:56PM +0300, Solar Designer wrote:
> I am directing copies of these messages to pkg-john-devel, but I expect
> them to bounce like my previous messages did.  I'd appreciate it if you
> get this mailing list setup fixed.

I'll try to contact alioth maintainers and see what can they do about it.

> > What confusion regarding cron jobs?
> 
> To me, this whole approach is ridiculous.  It is not recommended
> anywhere in JtR documentation to automate John runs like that.  Rather,
> the system should have a password checker such as my pam_passwdqc
> installed and JtR should be used eventually to validate that such
> proactive password checker is working as intended.

Well, your PAM module is available in Debian (libpam-passwdqc), so admins can
enable it if needed. But it's not enabled per default. Also notice that
people installing John can decide wether they want the cron job or not. I've
seen some systems that appreciate that feature and activate it, other's drop
it. It's a matter of personal taste. 

> There are also plenty of implementation details - although things are
> not as bad as they were before my initial comments (years ago).

Yes, the cron jobs are kind of a hack and could be improved a lot, but I have
to say that I believe people use them and I don't think we should drop them
altogether.

> > This stems, IIRC, from bug report #251095:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=251095
> 
> Oh, I had fixed the bug described in the original report many years ago -
> I think in 1999 - but you were packaging the 1.6 release from 1998, which
> is why you still needed to patch it.  (OK, it was my fault that I did
> not release 1.7 for this long.  I understand that Debian and many others
> didn't want to use development snapshots.)

Well, I packaged development snapshots for Debian in the 'experimental'
branch.

> If that's the only reason for the amd64.diff, then please drop that
> patch.  It is buggy in itself (in other ways).

Ok. Will do.

> The bug is yours.  What you are doing is essentially:
> 
> make linux-x86-any
> make clean
> make linux-x86-mmx
> make linux-x86-any

Ok. Spotted the bug, it lies with 'cdbs' and it will be removed since
(in the next revision) I'll just compile linux-x86-mmx and use the 
mechanism you pointed out.

> Notice that there's no "make clean" between the last two makes - and
> that's precisely what causes the last make to fail.  (No idea why you
> need to build linux-x86-any twice.)

Bug in the package build.

> The compiler warnings are most likely a result of the amd64.diff - they
> should be gone once you drop that patch.  If not, please let me know.

Ok. Will let you know.

Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-john-devel/attachments/20060220/438b488f/attachment.pgp


More information about the Pkg-john-devel mailing list