Ubuntu

[MIR] apg

Reported by Rodrigo Moya on 2011-05-20
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apg (Ubuntu)
Undecided
Didier Roche

Bug Description

Binary package hint: apg

1. Availability - already packaged & builds in Ubuntu universe since Maverick & Debian experimental

2. Rationale - The new gnome-control-center needs apg so that the user accounts panel works, so this would need to be in Main. The latest upload to oneiric for g-c-c has this as a Recommends:, but once apg is in the main archive, it will be a dependency, as the Debian package.

3. Security - apg is a program that exists since several years ago, and is being used in several distros, so security issues should go through the usual process

4. QA - There are no open bugs for this package as of today -> https://bugs.launchpad.net/ubuntu/+source/apg

5. UI - apg is a command line tool, so there is no UI

6. Dependencies - libc6

7. Standards-compliant 3.7.2.2

8. Maintenance - We are currently in sync with Debian

9. Background information - apg is a tool that exists since several years ago, and even though it hasn't had many new versions in the last few years, it seems to be a consolidated tool, being used in Fedora and other distros for password generation

description: updated
Michael Terry (mterry) on 2011-05-20
Changed in apg (Ubuntu):
assignee: nobody → Didier Roche (didrocks)
description: updated
Didier Roche (didrocks) wrote :

The packaging and code looks good to me (apart from some linitian warnings, but not relevant in this case)

I still want to the security to have a look as it's what will be used to generate password for our users in the new GNOME account panel.

Note to the security team:
The client/server version of apg has been deliberately omitted since
the passwords are sent over the network unencrypted.

Assign me the task back if it's ready for promoting to main security-wise.

Changed in apg (Ubuntu):
assignee: Didier Roche (didrocks) → Ubuntu Security Team (ubuntu-security)
Kees Cook (kees) wrote :

This uses /dev/random for seed generation among other things, so that's certainly sufficient for decent generation. Should be fine. +1

Changed in apg (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
assignee: nobody → Didier Roche (didrocks)
status: New → In Progress
Didier Roche (didrocks) wrote :

2011-06-10 09:55:12 INFO Creating lockfile: /var/lock/launchpad-change-override.lock
2011-06-10 09:55:21 INFO Override Component to: 'main'
2011-06-10 09:55:21 INFO 'apg - 2.2.3.dfsg.1-2/universe/admin' source overridden
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/amd64
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/armel
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/i386
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/powerpc
Confirm this transaction? [yes, no] yes
2011-06-10 09:55:56 INFO Transaction committed.
2011-06-10 09:55:56 INFO Done.

Changed in apg (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers