shibboleth repository for SLES 12 SP5

[Cantor, Scott]

On 2/19/20, 4:56 AM, "users on behalf of UM-IT" <users-bounces at shibboleth.net on behalf of UM-IT at lrz.uni-muenchen.de> wrote:

> Good hint! And it looks good - a few people from SuSE seem to be active on the shibboleth-sp package (I anonymized
> the names - if you need a direct contact I could send you the mail addresses, but I don't want to publish them on this list
> open without the permission of their owners). Are these all security relevant patches since 2.5.5?

They're spread across many different dependencies. It strongly suggests they're patching it,  but if you really wanted to know you'd have to look at each of the advisories we published since 2017 or so and see if all of them show up in some form in the relevant packages (xmltooling in particular, possibly xml-security and xerces, etc).

It really depends on what the eventual packaging process looks like as to whether we can continue to put out this one exception case (or even expand to produce more because it's just not difficult). It just doesn't exist right now so there's no way for me to know what's going to be practical.

But my advice is pretty much always to rely on what comes with the OS and if that's not good enough, use a different OS.

Since those packages seem viable, I will probably at least officially drop stated packaging support for 12 even though they'll probably continue coming out for a while.

-- Scott