Ubuntu
apg package

[MIR] apg

Bug #785682 reported by Rodrigo Moya
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apg (Ubuntu)
Fix Released
Undecided
Didier Roche-Tolomelli

Bug Description

Binary package hint: apg

1. Availability - already packaged & builds in Ubuntu universe since Maverick & Debian experimental

2. Rationale - The new gnome-control-center needs apg so that the user accounts panel works, so this would need to be in Main. The latest upload to oneiric for g-c-c has this as a Recommends:, but once apg is in the main archive, it will be a dependency, as the Debian package.

3. Security - apg is a program that exists since several years ago, and is being used in several distros, so security issues should go through the usual process

4. QA - There are no open bugs for this package as of today -> https://bugs.launchpad.net/ubuntu/+source/apg

5. UI - apg is a command line tool, so there is no UI

6. Dependencies - libc6

7. Standards-compliant 3.7.2.2

8. Maintenance - We are currently in sync with Debian

9. Background information - apg is a tool that exists since several years ago, and even though it hasn't had many new versions in the last few years, it seems to be a consolidated tool, being used in Fedora and other distros for password generation

See original description
Rodrigo Moya (rodrigo-moya)
description: updated
Michael Terry (mterry)
Changed in apg (Ubuntu):
assignee: nobody → Didier Roche (didrocks)
Rodrigo Moya (rodrigo-moya)
description: updated
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

The packaging and code looks good to me (apart from some linitian warnings, but not relevant in this case)

I still want to the security to have a look as it's what will be used to generate password for our users in the new GNOME account panel.

Note to the security team:
The client/server version of apg has been deliberately omitted since
the passwords are sent over the network unencrypted.

Assign me the task back if it's ready for promoting to main security-wise.

Changed in apg (Ubuntu):
assignee: Didier Roche (didrocks) → Ubuntu Security Team (ubuntu-security)
Revision history for this message
Kees Cook (kees) wrote :

This uses /dev/random for seed generation among other things, so that's certainly sufficient for decent generation. Should be fine. +1

Changed in apg (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
assignee: nobody → Didier Roche (didrocks)
status: New → In Progress
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

2011-06-10 09:55:12 INFO Creating lockfile: /var/lock/launchpad-change-override.lock
2011-06-10 09:55:21 INFO Override Component to: 'main'
2011-06-10 09:55:21 INFO 'apg - 2.2.3.dfsg.1-2/universe/admin' source overridden
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/amd64
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/armel
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/i386
2011-06-10 09:55:22 INFO 'apg-2.2.3.dfsg.1-2/universe/admin/OPTIONAL' binary overridden in oneiric/powerpc
Confirm this transaction? [yes, no] yes
2011-06-10 09:55:56 INFO Transaction committed.
2011-06-10 09:55:56 INFO Done.

Changed in apg (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.