Bug#830844: Pending fixes for bugs in the libauthen-krb5-perl package
Damyan Ivanov
dmn at debian.org
Tue Jul 12 11:24:45 UTC 2016
-=| Sergio Gelato, 12.07.2016 11:51:20 +0200 |=-
> > https://anonscm.debian.org/cgit/pkg-perl/packages/libauthen-krb5-perl.git/commit/?id=3558a41
>
> You may have missed a documentation reference in Krb5.pm:
> -------
> =item get_krbhst(realm)
>
> Returns a list of the Kerberos servers from the specified realm.
Oh, I missed the "PREFIX = krb5_" thing in MODULE description and
looked only for "krb5_get_krbhst".
> -------
> which raises the issue of how much Perl code out there may call
> Authen::Krb5::get_krbhst($realm) .
None in Debian:
https://codesearch.debian.net/search?q=get_krbhst&perpkg=1
And whoever used that method in some non-packaged stuff would have
seen the undefined symbol error already.
> As far as my own needs are concerned it's OK to drop this function,
> but it is an API change and may deserve a bump in the module's version number.
>
> Alternatively, one could lift the implementation of krb5_get_krbhst (in terms
> of profile_get_values, which is a public interface) from older libkrb5, or
> provide a new one if there are licensing issues. Of course this is more
> work and best left to upstream.
>
> As a stop-gap, maybe one could keep Authen::Krb5::get_krbhst but with a
> dummy implementation that always returns undef?
Latest upstream release is from 2010 and RT at
https://rt.cpan.org/Public/Dist/Display.html?Name=Krb5 seems like it
was never touched.
I am inclined to drop get_krbhst from the POD and move on. Yes, that
would be API breakage, but that part of the API was already broken,
and the patch fixes the PERL_DL_NONLAZY=1 use case so it seems like an
improvement to me.
If an implementation using public Kerberos API appears later, amending
would be easy. I myself don't feel qualified to write such
implementation.
Better approaches welcome, of course. I won't rush with the POD
removal.
More information about the pkg-perl-maintainers
mailing list