Comment 1 for bug 950193

Jamie Strandboge (jdstrand) wrote : Re: [FFe] [MIR] Cobbler

- The package is not lintian clean
- It ships its own tftpd server, which is undesirable
- Has had 5 CVEs assigned since 2009.
- It ships an upstart job that runs cobblerd. While it listens on the loopback interface and is written in Python, it runs as root
- While I did not perform an in-depth audit, the most cursory inspection of code shows that various parts of it are not coded well (e.g., use of 'os.system', predictable filenames, etc.)

I don't think cobbler is supportable for 5 years and would greatly prefer to keep it out of main. I am in discussions with the server team on alternatives. If maas moved away from cobbler (LP: #975473) in the 12.04.1 timeframe, it might be acceptable to keep cobbler in main with 18 months' support (with a release note stating this), but a condition of the main inclusion would be an AppArmor profile.
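
The comment above names two code patterns, use of 'os.system' and predictable filenames. The following is an added example, not part of the comment and not Cobbler code, of a first-pass check for them over Python source. The `audit` function, its rule names and the sample input are all constructed for illustration.

```python
import ast

# Constructed sample input for illustration; this is not Cobbler source code.
SAMPLE = '''
import os, tempfile

def sync(profile):
    os.system("rsync -a /srv/" + profile + " /var/lib/tftpboot/")
    log = open("/tmp/sync.log", "w")
    log.write("done")

def sync_safe(profile):
    fd, path = tempfile.mkstemp(prefix="sync-")
    os.close(fd)
    return path
'''

# Calls that hand a string to /bin/sh (assumed rule set for this example).
SHELL_CALLS = {("os", "system"), ("os", "popen")}
# World-writable directories where a fixed name is guessable by other users.
TMP_PREFIXES = ("/tmp/", "/var/tmp/")


def audit(source, filename="<sample>"):
    """Return sorted (line, rule, detail) findings for one Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            func = node.func
            # Match the attribute form os.system(...) / os.popen(...).
            if (isinstance(func, ast.Attribute)
                    and isinstance(func.value, ast.Name)
                    and (func.value.id, func.attr) in SHELL_CALLS):
                findings.append(
                    (node.lineno, "shell-call", f"{func.value.id}.{func.attr}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # A literal path under a shared temp directory is a fixed name.
            if node.value.startswith(TMP_PREFIXES):
                findings.append(
                    (node.lineno, "predictable-tmp-path", node.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, detail in audit(SAMPLE):
        print(f"<sample>:{line}: {rule}: {detail}")
```

This only matches the `os.system(...)` attribute form and literal paths, so `from os import system` or a path assembled at run time is not flagged; a clean result does not replace the in-depth audit the comment refers to.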