As suggested on the samba-team list by Bjorn. Patch to WHATSNEW.txt to follow.
Created attachment 17214 [details] git-am fix for 4.16.rcNext.
Created attachment 17215 [details] WHATSNEW upate with rewritten wording This covers the old SMB1 commands and the Heimdal upgrade.
I spent some time trying to understand this and put it into words that might be more useful to our users. I also took the liberty to expand what we 'also deprecate' (which is sort of pointless, we did all of SMB1 in 4.11, and there is no code change) to anything before the modern NT 0.12 protocol.
Comment on attachment 17215 [details] WHATSNEW upate with rewritten wording Bjorn, would be interested to know your opinions on this rewrite. I'm fine with it, but we'll need to SQUASH the changes into one patch for the "unsupported commands" change.
(In reply to Jeremy Allison from comment #4) Quite fine with the squash, wanted just to be clear for the review.
BTW, CORE support went long ago, along with 'security=share' :-)
"One of those in" should be "One of those is", right?
Created attachment 17218 [details] WHATSNEW upate with rewritten wording (squashed) v2 Updated per feedback and squashed.
Created attachment 17219 [details] WHATSNEW upate with rewritten wording (squashed) v3 (was wrong patch, missed the Heimdal 8.0 note)
Comment on attachment 17219 [details] WHATSNEW upate with rewritten wording (squashed) v3 "We make a warning that we will continue to remove older protocol commands and dialects that are unused or replaced in more modern commands SMB1 versions." should be: "If needed for security purposes or code maintenance we will continue to remove older protocol commands and dialects that are unused or have been replaced in more modern SMB1 versions."
(In reply to Jeremy Allison from comment #10) Other than that LGTM (for the SMB1 protocol part). Thanks for doing the clarification Andrew !
Created attachment 17221 [details] WHATSNEW upate with rewritten wording (squashed) v4 I was so offended when I saw the review-, but I got over it when I saw the suggested wording. I've also clarified the deprecation pre NT1, hopefully I've got the details right.
Created attachment 17222 [details] WHATSNEW upate with rewritten wording (squashed) v5
I've spent enough time on edits and uploads, I assign all rights to address further clarification, spelling fixes and poor grammar to whoever commits the patch. (I do wish we did these and CVE announcements in a wiki or such).
Assigning to Jule while I we for final acks so this is known to be inbound.
Comment on attachment 17222 [details] WHATSNEW upate with rewritten wording (squashed) v5 Samba's winbindd will use it to protect logins from pam_winbind for example. That's wrong! We only use FAST in TGS-Requests for now. Using if for pam_winbind logons requires us to explicitly pass an armor_ccache to the kinit code, not much work, but it's not there yet.
Sorry, I've got no more bandwith (the SMB1 text took quite some time to get right).
I suggest just adding the words 'a future Samba could...' then. Was just trying to explain why this wasn't a totally pointless effort.
(In reply to Andrew Bartlett from comment #18) I just removed it and pushed to 4.16, see https://git.samba.org/?p=samba.git;a=commit;h=e79f04a317906b1fbd9a53c831800088e2aab680 We should announce future stuff when they are done. I guess a future 4.16.x release could even get support for that...