From owner-freebsd-current@freebsd.org Wed Sep 14 19:21:59 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 676F0BD6FC4; Wed, 14 Sep 2016 19:21:59 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EDC901B9E; Wed, 14 Sep 2016 19:21:58 +0000 (UTC) (envelope-from kaduk@mit.edu) X-AuditID: 1209190c-5d3ff70000001b1f-9d-57d9a34e5785 Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 78.77.06943.E43A9D75; Wed, 14 Sep 2016 15:21:51 -0400 (EDT) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id u8EJLn41002721; Wed, 14 Sep 2016 15:21:49 -0400 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id u8EJLkHx009571 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 14 Sep 2016 15:21:49 -0400 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id u8EJLkUA010070; Wed, 14 Sep 2016 15:21:46 -0400 (EDT) Date: Wed, 14 Sep 2016 15:21:46 -0400 (EDT) From: Benjamin Kaduk To: freebsd-security@freebsd.org cc: freebsd-current@freebsd.org Subject: Heimdal in base In-Reply-To: <86egfu9z0j.fsf@desk.des.no> Message-ID: References: <86io5a9ome.fsf@desk.des.no> <56428E8A.3090201@FreeBSD.org> <56428F59.5010908@FreeBSD.org> <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <86egfu9z0j.fsf@desk.des.no> User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 Content-ID: X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsUixG6nruu/+Ga4wZmJrBZz3nxgsujZ9ITN gcljxqf5LAGMUVw2Kak5mWWpRfp2CVwZt14+YC34LFJx4sBylgbGeYJdjJwcEgImElNfv2Lr YuTiEBJoY5Lom/SGCcLZyCgxecU/RgjnEJPEnG0rWEFahAQaGCV+v+fvYuTgYBHQlpg1yxEk zCagIjHzzUY2EFtEQEGi69MPdhCbWUBe4v+Vy0wgtrCAhMSMlXMZQWxOAU2Jqx9PMoPYvAIO El8W9bJC7NrHLHFuSRdYQlRAR2L1/iksEEWCEidnPmGBGBogsezTLEYI20Giacoe5gmMgrOQ lM1CUjYLSRmErSvxZtVBJghbW+L+zTY2mJoFrVPZFjCyrWKUTcmt0s1NzMwpTk3WLU5OzMtL LdI11MvNLNFLTSndxAiKAE5Jnh2MZ954HWIU4GBU4uG9EXAzXIg1say4MvcQoyQHk5Io77r5 QCG+pPyUyozE4oz4otKc1OJDjBIczEoivEYgOd6UxMqq1KJ8mJQ0B4uSOG/XjAPhQgLpiSWp 2ampBalFMFkZDg4lCd7URUCNgkWp6akVaZk5JQhpJg5OkOE8QMMrQGp4iwsSc4sz0yHypxgV pcR5vUESAiCJjNI8uF5wgtrNpPqKURzoFWHeKyBVPMDkBtf9CmgwE9DgLWuugwwuSURISTUw BrTvZ/+i9zVt80vN+0ycpU1PeLfoTwl498HWK1Zwfsk1hqozzrH/ooNMdF4F8PncXnT12JfI lFXhs5vXR9yz+1U2uzfwX0NfVZ/wPIPrx6I0C9mmxytaSJ69PNU0IHf/6TXdLmsWWc61EXuf dPz8pL6vck1n17yZ42T8c2PV5+MznT0Z1KPUlFiKMxINtZiLihMBJ8cIKSsDAAA= Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Sep 2016 19:21:59 -0000 (was Re: OpenSSH HPN) [See https://lists.freebsd.org/pipermail/freebsd-security/2015-November/008747.h= tml for the bits that Dag-Erling skipped] On Fri, 13 Nov 2015, Dag-Erling Sm=F8rgrav wrote: > Benjamin Kaduk writes: > > Things seem to have slowed down a lot since the lead Heimdal developer > > got hired for Apple. [...] MIT employs developers whose job > > descriptions include being the krb5 release manager [...] Heimdal has > > changed plans to a 1.7 release [...] and since the developers in > > question are being paid to work on other things, there is no real > > timeline for the release. > > Given this state of affairs, it might not be unreasonable to consider > switching back for 11. There should be enough time, provided our > Kerberos maintainers have some spare cycles. Well, it's definitely too late for 11, now. But, Debian is preparing to remove their heimdal package entirely, imminently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D837728 I also can't find an archive of heimdal-discuss@sics.se that still works (now that gmane is gone), so I'll quote the relevant message from there, below. Maybe we should consider dropping heimdal for 12. -Ben %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Date: Wed, 14 Sep 2016 14:58:27 -0400 From: Andrew Bartlett To: heimdal-discuss@sics.se Subject: Heimdal to be removed from Debian shortly FYI: I'm sorry to say that per: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D834654 and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D837728 Heimdal will shortly be removed from Debian. It is the view of those of us involved that inclusion of sensitive security software in the next stable release of Debian needs the normal pattern of maintained upstream releases, not just a git tree to take snapshots from. It is also being eased out of Samba, we will make further decisions once we get a build against MIT krb5 working. Sorry, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.orgSamba Developer, Catalyst IT http://catalyst.net.nz/services/samba From owner-freebsd-current@freebsd.org Wed Sep 14 21:36:29 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DECDEB969BC; Wed, 14 Sep 2016 21:36:29 +0000 (UTC) (envelope-from dewaynegeraghty@gmail.com) Received: from mail-it0-x236.google.com (mail-it0-x236.google.com [IPv6:2607:f8b0:4001:c0b::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AD9F61DEE; Wed, 14 Sep 2016 21:36:29 +0000 (UTC) (envelope-from dewaynegeraghty@gmail.com) Received: by mail-it0-x236.google.com with SMTP id r192so65247469ita.0; Wed, 14 Sep 2016 14:36:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Q2BQUb2YFvT2VCtTEP308vPNAayZsJAY1fZwkHBHMTc=; b=SucfAuWa5TdZBux/xJ3Cr0Ncrf+4x4tqbGEv8hw/QSQ/sdOpV6wKA0uXxy4Wdv0v/n +J55FsZIStwZ9lIRYHaitAzz6GgtfWxSTg09dgtgnVb4WlA7TS1GU0s9ErqLWFVv3+jr vVP0+A+oyFNOKjUlNPzVVnFDtjxF/ryI5APf7BGntSVXHT/++8qfJwQw0Xi/t1DHmyZz 7pWgotaykXt7IJXG+0xQS6F395wnR3vt2ysOEm8cIr47bY1B+tcfz2I4ykiWUtmaOrgZ 1mOOIEu8pBAm7GsJ9S5gai/SbjrBU/D3Jroc6lRvFo5eWUGy0vl5pvvaKkGq+iAR9Ehc hkLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Q2BQUb2YFvT2VCtTEP308vPNAayZsJAY1fZwkHBHMTc=; b=DmJal/ICsaRBQF6ms5drq6M+0ohLMjBr1d82SKGVxr/BH4MrrEh8lEEmKPRyRTPlQT /lYOWM0OrCZjaSMCy87Hmg5mQH1RRmZfZ4eLWXt7SsnMTdLCIqrOCsH92trOre4XmLY+ u7BxTg5/D9JzyY4HqDwNZawKdem7zSws3hPllGOfQeUSvLbel87Hu6FkSMrNUpD43QMR +e4Ca0w1BfS7sEdaXU/GTU4Qz7es+ff1ymFY3j+GGcdjBz9sewmO/h4WFfFbLnaxVTEG oQ4oicjMBnga6C/y6oJIVhp+ErxHkY7P2Rl4YfqxHuaAIOQvjQAGZ9mhHjjUWOfXk78X rbQQ== X-Gm-Message-State: AE9vXwOTmM965MkfV998yZk3tEGM6RDRlTNzRdc5XHMRxVjzWLqDT1DNEX3nKRFwGvqFjUg2VQev1En/14lQjg== X-Received: by 10.107.30.69 with SMTP id e66mr11695798ioe.107.1473888989013; Wed, 14 Sep 2016 14:36:29 -0700 (PDT) MIME-Version: 1.0 Received: by 10.79.104.133 with HTTP; Wed, 14 Sep 2016 14:36:28 -0700 (PDT) In-Reply-To: References: <86io5a9ome.fsf@desk.des.no> <56428E8A.3090201@FreeBSD.org> <56428F59.5010908@FreeBSD.org> <86y4e47uty.fsf@desk.des.no> <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <86egfu9z0j.fsf@desk.des.no> From: Dewayne Geraghty Date: Thu, 15 Sep 2016 07:36:28 +1000 Message-ID: Subject: Re: Heimdal in base To: Benjamin Kaduk Cc: "freebsd-security@freebsd.org" , "freebsd-current@freebsd.org" X-Mailman-Approved-At: Wed, 14 Sep 2016 22:31:12 +0000 Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Sep 2016 21:36:30 -0000 Begs the question-what impact to FreeBSD distribution or use will US export control laws have, if FreeBSD migrated to MIT Kerberos? -- *Disclaimer:* *As implied by email protocols, the information in this message is not confidential. Any intermediary or recipient may inspect, modify (add), copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. Nothing in this message may be legally binding without cryptographic evidence of its integrity and/or confidentiality.*