Request For Comments: SASL transition and OpenLDAP

Fabian Fagerholm fabbe at paniq.net
Sat Oct 21 15:53:52 UTC 2006


Greetings, OpenLDAP Team!

As you may have read on debian-devel [0], the Debian Cyrus SASL Team [1]
is working on an improved Cyrus SASL package with the new upstream
version. During the last few weeks, our pace has increased and there is
a strong desire within the team to push for inclusion in etch.

[0] http://lists.debian.org/debian-devel/2006/10/msg00664.html
[1] http://pkg-cyrus-sasl2.alioth.debian.org/

The new Cyrus SASL version (2.1.22) includes code to fetch
authentication data directly from an LDAP catalogue without using the
in-between saslauthd daemon. In practise, this means we need to
build-depend on OpenLDAP. However, OpenLDAP depends on SASL, creating a
chicken-and-egg problem which requires some careful planning to sort
out. It inevitably involves the OpenLDAP Team.

The basic plan is as follows:
     1. The Cyrus SASL Team uploads a version of cyrus-sasl-2.1 with
        LDAP support disabled. This package will replace the old SASL
        package.
     2. The OpenLDAP Team uploads a new build of OpenLDAP, built against
        the new SASL package.
     3. The Cyrus SASL Team uploads a build of cyrus-sasl-2.1 with LDAP
        support enabled.

Since we are getting closer and closer to a release of etch, since this
routine involves extra work for you, and since we understand the
implications of this transition to other packages, we are asking for
your comments on this plan. Our question at this time primarily concerns
your work load and your overall attitude to our proposed plan. Technical
details are not the primary question at this point, as they are part of
the transition work, but we can certainly discuss them if you feel it is
necessary.

If you want to check out our work so far, please take a look at our SVN
repository [3,4]. Also, you should be aware of the fact that we have
spoken with the Release Managers and gotten a "maybe, if certain
conditions are met" reply, and we have not yet approached the
FTP-masters.

[3] svn+ssh://svn.debian.org/svn/pkg-cyrus-sasl2
[4] http://svn.debian.org/wsvn/pkg-cyrus-sasl2

What are your thoughts?

Kind regards,
-- 
Fabian Fagerholm <fabbe at paniq.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20061021/fccae360/attachment.pgp


More information about the Pkg-cyrus-sasl2-debian-devel mailing list