Tom, thinkfinger is dead upstream. At this point, if you want to continue the thinkfinger project you should consider adopting it upstream. Hiding your patches in a bug tracker and in a debian dir is the equivalent of three week's notice behind the sign that says "Beware of Tiger," and is not going to achieve the level of quality a security system requires.
While I agree that the Ubuntu developer who prepared this package against svn make substantial errors that should be corrected if thinkfinger continues, I don't think it's a forgone conclusion that it should. You mention fprint is doesn't accept passwords, but it should be relatively simple to change libpam-fprint to accept a password and pass the results down the pam stack.
It might be worth considering dropping thinkfinger for ubuntu+2 entirely, if we can get eyeballs looking for regressions.
Tom, thinkfinger is dead upstream. At this point, if you want to continue the thinkfinger project you should consider adopting it upstream. Hiding your patches in a bug tracker and in a debian dir is the equivalent of three week's notice behind the sign that says "Beware of Tiger," and is not going to achieve the level of quality a security system requires.
While I agree that the Ubuntu developer who prepared this package against svn make substantial errors that should be corrected if thinkfinger continues, I don't think it's a forgone conclusion that it should. You mention fprint is doesn't accept passwords, but it should be relatively simple to change libpam-fprint to accept a password and pass the results down the pam stack.
It might be worth considering dropping thinkfinger for ubuntu+2 entirely, if we can get eyeballs looking for regressions.