The seeding [1] of it is also quite clear on why it is still there.

"""
# This stack is no more very relevant, but was in the early days of internet
# dialin. This stack is a candidate for demotion, but OTOH received no
# bugs/CVEs over the last years and therefore can stay as-is for now.
# ppp itself is still recommended by network-manager and thereby has quite
# an install base.
"""

Removing is maybe too hard as Steve outlined, but what about at least
demoting to universe (to encourage it a bit less)?

The seed change to the section linked above would be trivial, but it
would need coordination with the Desktop variants as a dependency to
network-manager-pptp is in most of the meta packages.

reverse-depends  --release=noble  src:network-manager-pptp
Reverse-Recommends
==================
* network-manager               (for network-manager-pptp)
* ubuntu-budgie-desktop [amd64 arm64 armhf ppc64el]
* ubuntu-budgie-desktop-minimal [amd64 arm64 armhf ppc64el]
* ubuntu-budgie-desktop-raspi [arm64 armhf]
* ubuntu-desktop [amd64 arm64 armhf ppc64el]
* ubuntu-desktop-minimal [amd64 arm64 armhf ppc64el]
* ubuntu-mate-core              (for network-manager-pptp-gnome)
* ubuntu-mate-desktop           (for network-manager-pptp-gnome)
* ubuntu-unity-desktop [amd64 arm64 armhf ppc64el]
* ubuntukylin-desktop           (for network-manager-pptp-gnome)
* vanilla-gnome-desktop [amd64 arm64 armhf ppc64el]
* xubuntu-desktop               (for network-manager-pptp-gnome)
* xubuntu-desktop               (for network-manager-pptp)

Reverse-Depends
===============
* lomiri-indicator-network      (for network-manager-pptp)


It comes at a comfort loss though, since this is depended on by all those meta 
packages to work right away in a fresh install, which would be a behavior that 
will be lost.

Also if there is a CVE, then only people using Ubuntu Pro would get a
fix. Which is free for personal use, but those forced to use pptp are
likely people with non-personal use of outdated infrastructure. So we'd
make the world a bit less secure as likely not all would get the fixes
then.

Still I'd want to know from Steve and Seth, who discussed so far - what
would you think about that as a compromise?

[1]: https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/platform/tree/supported-misc-servers#n190

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2041751

Title:
  RM: Remove dangerously insecure MPPE PPTP from Ubuntu

Status in linux package in Ubuntu:
  New
Status in network-manager-pptp package in Ubuntu:
  New
Status in pptp-linux package in Ubuntu:
  New
Status in pptpd package in Ubuntu:
  Incomplete

Bug description:
  Remove dangerously insecure MPPE PPTP from Ubuntu

  https://pptpclient.sourceforge.net/protocol-security.phtml

  It has been dead for over 20 years now.

  IPSec, OpenVPN and Strongswan are much better alternatives.
