Re: [Netatalk-devel] Reviving Netatalk 2

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Daniel,

there are a bunch of security issues in Netatalk for which I have 
created fixes for Netatalk 3. Coordinated disclosure and release will 
probably be in the next 2-3 weeks.

I'm not going to do backports for 2.x, if you like to take care of this, 
I'm attaching the current set of patches. Please treat them 
confidentially, eg please don't push them to gitlab in MRs.

If you created backports, send them to me and I'll take care of 
including them in the 2.x branch and including them in a 2.x release at 
the same time I'm doing the 3.1 release.

Cheers!
-slow

On 3/15/22 20:15, Daniel Markstedt wrote:
> Hi Ralph,
> 
> Huge thanks for reviewing & merging those PRs the other week!
> I put up a follow-up PR 
> <https://github.com/Netatalk/Netatalk/pull/170>for the date stamp patch 
> to do it in an AFP3 compliant fashion, for whenever you have a moment to 
> spare.
> 
> I also took the liberty of drafting a changelog 
> <https://github.com/Netatalk/Netatalk/pull/169>for a potential upcoming 
> release.
> Wouldn't it be neat to cut a new Netatalk 2 release before #MARCHintosh 
> 2022 ends. Just sayin'. :)
> 
> Best,
> Daniel
> 
> On Sun, Jan 30, 2022 at 4:31 PM Daniel Markstedt <mar...@gm... 
> <mailto:mar...@gm...>> wrote:
> 
>     Hi Ralph,
> 
>     It’s encouraging to hear that this is still on your radar!
>     Yes, since you made me aware of the Samba guidelines a few weeks
>     ago, I’ve taken steps to clean up most of the PRs.
>     It’d be great to get some early feedback on whether they’re up to
>     Netatalk project standards now or not.
>     Perhaps just a spot check or two?
> 
>     Best,
>     Daniel
> 
>     On Sun, Jan 30, 2022 at 12:18 PM Ralph Boehme <sl...@sa...
>     <mailto:sl...@sa...>> wrote:
> 
>         Hello Daniel
> 
>         On 1/30/22 19:57, Daniel Markstedt wrote:
>          > *TL;DR;*
> 
>         thanks a *lot* for your contributions and sorry for taking so
>         long to
>         review and merge your patches.
> 
>         I'm currently busy working on some security issues, so your MRs
>         will
>         have to wait a wee bit longer, sorry! Hopefully I get to review
>         the MRs
>         in the next weeks.
> 
>         I haven't really looked at the patches yet, so I have no idea
>         what shape
>         they're in. For a smooth process I would advise reading
> 
>         https://wiki.samba.org/index.php/Creating_a_Samba_patch_series
>         <https://wiki.samba.org/index.php/Creating_a_Samba_patch_series>
> 
>         Especially
> 
>         <https://wiki.samba.org/index.php/Creating_a_Samba_patch_series#Polished_pearls
>         <https://wiki.samba.org/index.php/Creating_a_Samba_patch_series#Polished_pearls>>
>         <https://wiki.samba.org/index.php/Creating_a_Samba_patch_series#Good_patches_and_better_patches:_Samba_is_git_patches_as_performance_art
>         <https://wiki.samba.org/index.php/Creating_a_Samba_patch_series#Good_patches_and_better_patches:_Samba_is_git_patches_as_performance_art>>
> 
> 
>         Thanks!
>         -slow
> 
>         -- 
>         Ralph Boehme, Samba Team https://samba.org/ <https://samba.org/>
>         SerNet Samba Team Lead https://sernet.de/en/team-samba
>         <https://sernet.de/en/team-samba>
> 