[4036] in Release_7.7_team
Minutes of 2003-10-01 release team meeting
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Oct 1 14:18:17 2003
Date: Wed, 1 Oct 2003 14:18:16 -0400
Message-Id: <200310011818.OAA00437@equal-rites.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-team@MIT.EDU
Attending: ghudson amb wdc zacheiss miki rbasch
1. Patch release
Due to OpenSSL denial of service vulnerabilities, we should turn the
crank on a new patch release. It should also have local Java and a
fix for tetex's listings.sty.
2. Password encryption
At login time, we encrypt the first eight characters of the user's
password and drop that into the shadow file, mostly for the sake of
the old SIPB xscreensaver. As a side effect, our screensaver will
only verify the first eight characters of the password.
One possible solution is to use a more capable encryption algorithm
for the shadow password, but it's probably better to just stop putting
the crypted password in the shadow file at all.
We will do nothing for this full release; for the next full release we
will remove the libal support for setting the local crypted password.
3. Disconnectable operation issues
We have most of the technical pieces in place for disconnectable
operation. But we haven't really resolved the issues surrounding
local homedirs.
* We need a script to create them easily.
* Should they have the same name as the Athena account? If so,
perhaps we should hack xlogin so that you can do a login with your
Athena homedir. If not, we would need a way to know what Kerberos
tickets to get.
We also need a solution for running important software when off the
net, such as Star Office (perhaps Open Office would be more tractable,
from a legal perspective). The local-lockers framework might be a
good start, but it's not clear that the way it updates is right for
disconnectable machines.
There are also some general Athena usability issues which bear on
disconnected operation:
* The install should handle Windows partition resizing. Andrew will
work on this.
* Using Athena on a laptop demands some up-front machine
administration (setting up a local account). Right now our
machine administration features are all targeted at power users;
perhaps a root login session should spawn an administration GUI in
some of the currently empty screen real estate. Initial features
could include:
- Take an update (updates with X running are fine these days)
- Edit selected /etc/athena/rc.conf values
- Change hostname and IP address
- Change access privileges
- Create local account for disconnected operation
No one is currently allocated to implement this.
4. Delegation-only BIND patches
In the absence of genuine technical hardship, we're not going to turn
these on by default, and we're not going to introduce the
functionality into the current full release. We expect that the next
full release will contain a BIND upgrade which will contain the
functionality, if a private workstation owner wants to turn it on.
5. Status report
Sent under separate cover.
