Patch consideration question for crypt in libsasl2

Henrique de Moraes Holschuh hmh at debian.org
Sun Oct 15 03:02:08 UTC 2006


On Sat, 14 Oct 2006, Roberto C. Sanchez wrote:
> A patch [0] was proposed a while back on the cyrus-sasl list to allow
> crypt in libsasl2.  The original message [1] is also available.  Anyhow,

We should not accept that patch *ever* in any other format than a "optional,
*disabled by default* thing you should enable only if you know what you are
doing".  And I would not include it even in that form.  

It breaks auxprop plugins, which is a fundamental way of how Cyrus SASL
works.  It requires disabling globally some auth methods [that require the
cleartext password to generate challenges] when the feature is enabled too,
if the patch doesn't do this, please reject it without futher consideration.

> I'd like to hear people's opinions on this.  My vote (for the Debian
> people) is that if upstream says that they don't want the patch, that we
> close the bug and be done with it.

Upstream didn't want the patch.  They may change their mind (they have done
so with the 8-bit stuff in cyrus imapd headers, which goes against *all*
RFCs), though.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh



More information about the Pkg-cyrus-sasl2-debian-devel mailing list