Overview
Request 454027 revoked
add PAM faillock module (as a better-than alternative to tally2)
- Created by jenewton
- In state revoked
- Package maintainer: vlefebvre
- Supersedes 454002
- Open review for ckornacker
- Open review for bigironman
- Open review for mcalmer
Request History
jenewton created request
add PAM faillock module (as a better-than alternative to tally2)
jenewton added kukuk as a reviewer
jenewton added ckornacker as a reviewer
jenewton added bigironman as a reviewer
jenewton added mcalmer as a reviewer
kukuk declined review
Building this in an own package was really simple:
https://build.opensuse.org/package/show/Linux-PAM/pam_faillock
kukuk declined request
Building this in an own package was really simple:
https://build.opensuse.org/package/show/Linux-PAM/pam_faillock
jenewton revoked request
fantastic work @kukuk - may more government customers come SUSE's way - still got some catching up to do on the SCAP front but this was an important step.
I do have to make a note though that your really easy fix was easy for you as I figured it was from the beginning. autotools and the whole pam build system / proper way of doing things is confusing AF. I have my hands in alot of different things in different domains but none of them feel quite so slow and painful as banging my head against the wall with that combination. I wouldn't have thought of packaging it up like you did, 76 file tar archive and all for the rest of time. I really am happy to see you close this out though and that you spent some time on it.
I would suggest to package this as standalone package, like we do with other PAM modules, too. Makes all things much easier.
I've reviewed a few of the other libraries and there's an ugly maintenance problem that comes up. The other projects (at least the 4 I inspected) all refer to stand-alone projects that are meant to be built out of tree. That's not the way the author supplies the patch though.
What is the issue in building building in-tree and shipping in pam-modules again?
Is there a half way point here of a separate package inside the pam.spec so we can still build this in-tree? You still would get a package someone has to explicitly ask for that isn't necessarily default and that would still make security folks happy.
@jmoellers: review reminder