= phenomenon =
Several CVEs exist for nagios-plugins; skottler has not been responsive in fixing them.
= background analysis =
https://bugzilla.redhat.com/show_bug.cgi?id=1114841
https://bugzilla.redhat.com/show_bug.cgi?id=1098548
https://bugzilla.redhat.com/show_bug.cgi?id=1098531
Many attempts have been made to contact skottler on the above bugs and via email. Scott Wilkerson from upstream Nagios is willing to (co)maintain the package. I, as well as Major Hayden, have agreed to help him with this, and I have agreed to sponsor him into the packager group.
= implementation recommendation =
Reassign nagios-plugins to swilkerson (after I sponsor him into packager group), and add myself and mhayden as comaintainers.
I'm +1 to having upstream maintaining this package.
It appears skottler has returned, responding to this thread:
https://bugzilla.redhat.com/show_bug.cgi?id=1098548#c16
However I would still appreciate this being left to discuss at the next FESCo meeting taking into consideration the points I made here:
https://bugzilla.redhat.com/show_bug.cgi?id=1098548#c19
And more, skottler fueling drama, claiming Nagios Enterprises is trying to make a "hostile takeover" of the package:
https://twitter.com/samkottler/status/625767271995174912
To reiterate, David Cafaro from the Fedora Security Team reached out to me asking if I would be willing to help get these security fixes into the package. Not a "hostile takeover" as skottler is proclaiming.
AGREED: jwb to talk to maintainer and work out some mutually agreeable solution (+5,0,0) (nirik, 18:54:06)
any updates here?
The original tickets have not had any update and remain unpatched.
Replying to [comment:6 dcafaro]:
We're aware of that.
I've been in contact with Sam but things are progressing slowly.
From today's FESCo meeting:
14:32 < paragan> #agreed: jwb to commit and build the 2.0.3 update to fix the CVEs (+8, 0, 0)
Please remember that this non-responsive maintainer issue also affects this security bug which wasn't linked to in the original FESCO ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1098549
It's still in need of a patch.
Replying to [comment:10 dcafaro]:
> Please remember that this non-responsive maintainer issue also affects this security bug which wasn't linked to in the original FESCO ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1098549
> It's still in need of a patch.
I believe that is incorrect.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7535
Kevin filed the epel update 14 days ago.
Ah, thank you, I was unaware of that update. It appears they linked it against the fedora-all ticket and not the epel-all ticket.
Sorry about that. I think I have edited the epel update to point to the correct bugs now.
Testing welcome.
All packages will be orphaned if there is no status update from skottler by 2015-08-31 12UTC.
Done. Packages orphaned:
{{{
user: kevin changed point of contact of package: erlang-js from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-js from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: activemq from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-mochiweb from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-mochiweb from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_api from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_api from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-cluster_info from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-cluster_info from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-sext from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-sext from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-poolboy from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-poolboy from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-eper from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-rebar from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_control from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: cppunit from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: erlang-riaknostic from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riaknostic from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_pb from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_pb from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-basho_metrics from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-basho_metrics from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-eleveldb from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-eleveldb from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_kv from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_kv from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: rubygem-minitest from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: rubygem-minitest from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-bear from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-bear from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-folsom from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-folsom from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_client from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_client from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_sysmon from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_sysmon from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-mustache from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-mustache from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-basho_stats from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-basho_stats from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-protobuffs from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-protobuffs from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_core from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: python-cloudfiles from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-merge_index from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-merge_index from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-getopt from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-getopt from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: nrpe from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-bitcask from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-bitcask from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_err from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_err from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: el5
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: nagios-plugins from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: riak from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-ebloom from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-ebloom from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: f21
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: f22
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: f23
user: kevin changed point of contact of package: rubygem-rgen from: skottler to: orphan on branch: master
user: kevin changed point of contact of package: erlang-rpm-macros from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-rpm-macros from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_search from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-riak_search from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-riak_pipe from: skottler to: orphan on branch: epel7
user: kevin changed point of contact of package: erlang-lager from: skottler to: orphan on branch: el6
user: kevin changed point of contact of package: erlang-lager from: skottler to: orphan on branch: epel7
}}}