Bug#532556: cyrus-sasl2: "you must install some of the modules" -> Depends

Steve Langasek steve.langasek at canonical.com
Fri Jun 12 00:50:09 UTC 2009


Hi Fabian,

On Thu, Jun 11, 2009 at 10:25:35PM +0300, Fabian Fagerholm wrote:
> Actually, the sentence does start conditionally. The "must install" part
> only applies if these two conditions are met:

>      1. The user intends to use the package on a server, and
>      2. the user intends to provide SASL authentication on that server.

Well, that's simply not true.  The modules packages also provide the
*client* implementations of a number of these methods, without which clients
that use the cyrus sasl lib can't negotiate these methods with existing
servers.

> So those -modules* packages are not needed for, say, a regular desktop
> machine.

I have a desktop machine for which I require several of them.  And
regardless, the utility of SASL is significantly reduced if it only supports
the default mechanisms built into libsasl2-2.  This is not relevant only on
the server.

> I think we can safely assume that a significant portion of both
> Debian and Ubuntu users don't meet those two conditions. They only have
> libsasl2-2 installed because it happens to be a Priority: important
> package and it's installed automatically. They are probably not even
> aware of it.

No, they have it installed because there are *applications* as part of the
default install that depend on libsasl2-2.  The priority of libraries is
that of the highest package which depends on them.

> Why is libsasl2-2 of important priority? Could we downgrade its
> priority?

No, and the current priority is not a bug.

> libsasl2-2 recommends libsasl2-modules, so the latter is now installed
> automatically. This provides a complete and working setup,
> using /etc/sasldb2 as the backend for storing authentication
> information. The package relationship also allows the user to remove the
> -modules package, which can be useful in some situations: embedded or
> otherwise constrained systems, or because the user simply has no need to
> perform SASL authentication and merely has to have the library installed
> to be able to run some other program.

Really, I would expect users on embedded systems who care about the size of
libsasl2-modules to recompile the applications to omit SASL support
entirely.

But given that libsasl2-2 includes at least one built-in method that's
usable without installing the -modules packages, I concede that Recommends:
is the correct relationship and will amend the Ubuntu package accordingly.
As I said, this was promoted to Depends: back before Recommends were
installed by default, so it's probably not needed anymore at all.

> Going further, libsasl2-modules is required by all the other -modules-*
> packages. It is needed for them to work, because otherwise there are no
> authentication mechanisms to use. There is a difference in function
> between the modules in libsasl2-modules and the modules in the other
> -modules-* packages. The other -modules-* packages provide ways to store
> authentication tokens in something else than /etc/sasldb2, whereas
> libsasl2-modules provides different authentication schemes (listed in
> the package description).

The GSSAPI method is available when the modules packages implementing it
aren't installed?  That's not really consistent with my experience...  I
suspect that the libsasl2-modules-gssapi-* packages should not depend on
libsasl2-modules at all.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org





More information about the Pkg-cyrus-sasl2-debian-devel mailing list