Patch consideration question for crypt in libsasl2
Henrique de Moraes Holschuh
hmh at debian.org
Sat Oct 14 23:02:08 EDT 2006
On Sat, 14 Oct 2006, Roberto C. Sanchez wrote:
> A patch [0] was proposed a while back on the cyrus-sasl list to allow
> crypt in libsasl2. The original message [1] is also available. Anyhow,
We should not accept that patch *ever* in any other format than a "optional,
*disabled by default* thing you should enable only if you know what you are
doing". And I would not include it even in that form.
It breaks auxprop plugins, which is a fundamental way of how Cyrus SASL
works. It requires disabling globally some auth methods [that require the
cleartext password to generate challenges] when the feature is enabled too,
if the patch doesn't do this, please reject it without futher consideration.
> I'd like to hear people's opinions on this. My vote (for the Debian
> people) is that if upstream says that they don't want the patch, that we
> close the bug and be done with it.
Upstream didn't want the patch. They may change their mind (they have done
so with the 8-bit stuff in cyrus imapd headers, which goes against *all*
RFCs), though.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
More information about the Cyrus-sasl
mailing list