|   | 
| 
 | 
Message-ID: <35b4b85c-f411-421a-a29f-d25bd7797a33@catalyst.net.nz> Date: Fri, 17 Oct 2025 10:09:51 +1300 From: Douglas Bagnall <douglas.bagnall@...alyst.net.nz> To: Demi Marie Obenour <demiobenour@...il.com>, oss-security@...ts.openwall.com Subject: Re: Samba security releases for CVE-2025-10230 and CVE-2025-9640 On 17/10/25 07:37, Demi Marie Obenour wrote: > On 10/15/25 22:18, Douglas Bagnall wrote: >> Anyway, the summary is the Samba 3/4 history has left us with >> unmaintained pockets within our codebase that we ignore because we >> assume nobody is using them, but which we don't delete because maybe >> somebody is using them. There may not be very many more. > > Would it make sense to announce that they are deprecated, and then > remove them in the next release? Yes. That is vaguely the plan in this case: [ excerpt from https://bugzilla.samba.org/show_bug.cgi?id=15903#c8 ] >> We should do things in this order: >> >> 1. backport the fix. >> 2. remove source4 wins hook from master/4.next. though I did not put deprecated markers in the security patch, and now there is no urgency... We will probably deprecate in the next release, and remove after that, depending on whether users show up. As for other bits, we are slowly deduplicating where we can, for example: https://gitlab.com/samba-team/samba/-/merge_requests/4219 Douglas
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.