Re: String additions to 'gdm2.gnome-2-20'

[Claude Paroz <claude 2xlibre net>]

Brian, thanks for your thorough explanation.
I tend to approve this, because I know that most other programs don't
translate debug messages and it wouldn't be fair to disadvantage you for
doing this.
Formally, we need a second approval though.
And please, next time ask before committing!

Regards,

Claude

Le mercredi 10 octobre 2007 �2:36 -0500, Brian Cameron a �it :
> Claude/Others:
> 
> Apologies for breaking string freeze in GDM 2.20.  However, I think that
> this change is acceptable for the following reasons, mainly reason #2
> which is a security issue.  I think, in this case, security trumps
> translation.  However, I do recognize that I should have sent an email
> to the gnome-i18n list to let people know about this change.  Sorry for
> not doing that.
> 
> 1) These strings are in debug messages, which are only used when debug
>     is turned on.  These debug messages are sent to the system log
>     (/var/log/messages or /var/adm/messages depending on your OS).
> 
>     I am not sure it really adds value to even translate such debug
>     messages anyway.  When people provide debug logs to bugzilla, etc.
>     translated messages can make it harder for the people who maintain
>     GDM, who typically speak English, to help debug the problem.
> 
> 2) These messages replaced older messages which included the login user
>     in the message.  Bugzilla bug #484750 pointed out that if a user
>     were to, by accident, type their password into the username field
>     that this would cause their password to get logged to syslog, which
>     we should avoid doing ever.
> 
> 3) These debug messages are only used when the user configures GDM
>     to use crypt or shadow passwords, which are not typically used.
>     Most users use PAM.  So these messages only affect a small number
>     of GDM users.  The commonly used PAM code is smarter about not ever
>     logging the username to the system log.
> 
> I recommend that we not worry about whether these debug messages are
> translated.  Or, I can change these strings so they aren't marked for
> translation if that makes things easier.  As I said, I don't think it
> adds any significant value to translate these messages.  Or, I could
> remove the messages completely from the code if people think that is
> a better choice.
> 
> Since this affects security, it might also make sense to backport
> a similar change to older GDM releases.  I'm not sure if there are
> distros/people out there who configure/use older versions of GDM with
> shadow/crypt passwords.  If so, let me know and I can make a release
> of older versions of GDM's with this security issue fixed.
> 
> Please advise if you think further work is needed to fix this issue
> properly.
> 
> The GDM documentation recommends that people not leave on debug, and
> I would like to further stress that users who have configured GDM
> to use shadow/crypt passwords should ensure that they have debug
> turned off to avoid this sort of problem.  Debug is only intended to
> be used briefly when trying to figure out why GDM may not be
> functioning properly.
> 
> Brian
> 
> 
> > Le mercredi 10 octobre 2007 �1:19 +0100, GNOME Status Pages a �it :
> >> This is an automatic notification from status generation scripts on:
> >>     http://l10n.gnome.org/.
> >>
> >> There have been following string additions to module 'gdm2.gnome-2-20':
> >>
> >>     + "Cannot get passwd structure for user"
> >>     + "Cannot get passwd structure"
> >>     + "Cannot set user group"
> >>     + "User not allowed to log in"
> >>     + "User password has expired"
> >>
> >> Note that this doesn't directly indicate a string freeze break, but it
> >> might be worth investigating.
> > 
> > Hi Brian,
> > 
> > This seems to be clearly a string freeze breakage (from verify-crypt.c).
> > Could you please revert the changes, and explains to the list why you
> > think this should really go into gnome-2-20 branch?
> > 
> > Regards,
> > 
> > Claude
> >