[MIR] accountsservice
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
accountsservice (Ubuntu) |
Fix Released
|
Undecided
|
Rodrigo Moya |
Bug Description
Binary package hint: accountsservice
1. Availability - already packaged & builds in Ubuntu universe since Maverick & Debian experimental
2. Rationale - The new gnome-control-
3. Security - Since this is an official external dependency of GNOME, and actively maintained by the same people working on the user accounts panel in gnome-control-
4. QA - There are no open bugs for this package as of today -> https:/
5. UI - accountsservice is a service, so there is no UI
6. Dependencies - libc6, libdbus-1-3, libdbus-glib-1-2, libglib2.0-0, libpolkit-
7. Standards-compliant 3.9.2
8. Maintenance - We are currently in sync with Debian
9. Background information - Development of accountsservice started in 2010
Related branches
- Ubuntu branches: Pending requested
-
Diff: 62 lines (+45/-0)3 files modifieddebian/accountsservice.postinst (+21/-0)
debian/accountsservice.prerm (+16/-0)
debian/changelog (+8/-0)
description: | updated |
Changed in accountsservice (Ubuntu): | |
assignee: | nobody → Didier Roche (didrocks) |
Changed in accountsservice (Ubuntu): | |
status: | Incomplete → In Progress |
status: | In Progress → Incomplete |
Changed in accountsservice (Ubuntu): | |
assignee: | Rodrigo Moya (rodrigo-moya) → Kees Cook (kees) |
status: | Incomplete → New |
Packaging and code looks good to me.
Not that the testsuite is disabled at built time as all test are using dbus.
However, this package enables (and uses from g-c-c) sending the password hint over dbus. I'm not sure what the security concerns on that part can be (as 3rd part application can sniff the password hint?). Isn't that kind of issue which made /etc/passwd password to be in a root-owned file /etc/shadow?
Subscribing the security team to have some input on that.
If the package is approved, then, feel free to assign me back to do the promotion