Comment 7 for bug 1347147

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I don't follow all of the conversation here. Is it clear that the workaround suggested (https://github.com/krb5/krb5/commit/26d8744129) is still valid, should be applied to the version of krb5 in Utopic, will fix the version in Utopic, won't introduce any regression, and will be released by upstream? If someone can confirm these things, then we can get it landed in Ubuntu.

Next, for Trusty, we need the steps in https://wiki.ubuntu.com/StableReleaseUpdates#Procedure followed - in particular, a test case that has exact steps to reproduce the problem with a slave KDC so that the problem can be verified fixed with the new proposed binary during stable verification testing, and an understanding of impact to users and potential regression risk so that the SRU team can make a decision about whether this fix is acceptable to SRU to Trusty.

I understand that this is potentially difficult to reproduce and verify. This is fine and we can be pragmatic about it, but if this is the case then extra clarity around these issues would be appreciated. For verification, we'll still want to exercise the code around the areas changed to make sure that we haven't fundamentally broken anything, and so a test case is still useful even if it comes with the caveat that it may not always fail.

Setting to Triaged since upstream consider this a valid bug, and that's good enough for me. I've not set Importance because it isn't clear to me yet what proportion of production krb5-kdc slave users are or would actually be affected.