On Mon, Feb 04, 2019 at 02:39:16PM +0100, Markus Wanner wrote:
> On 2/3/19 10:51 PM, Josip Rodin wrote:
> > If it's an upstream issue that can't be fixed with packaging, then
> > tag it upstream and forward it, as the fine manual teaches you to.
>
> Well, I think of it as a feature, not a bug, so I see no reason to
> forward anything. Think of authlib as a general abstraction layer over
> several different ways to manage user accounts. This certainly includes
> the ability to change a users password.
I can't say I agree with this approach, since the scope seems arbitrarily
drawn -- the name of the library says authentication, and that is widely
understood to be the ability to verify a user's identity (read-only), which
is typically distinct from the ability to manipulate the authentication
credentials (read-write).
But what actually led me here was the practical aspect. Compare:
% sudo apt install courier-authlib --no-install-recommends
[...]
The following NEW packages will be installed:
courier-authlib libltdl7
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 472 kB of archives.
After this operation, 733 kB of additional disk space will be used.
% sudo apt install courier-authlib
[...]
The following NEW packages will be installed:
courier-authlib expect libdrm-amdgpu1 libdrm-intel1 libdrm-nouveau2
libdrm-radeon1 libdrm2 libfontenc1 libgl1-mesa-dri
libgl1-mesa-glx libglapi-mesa libice6 libllvm3.9 libltdl7 libpciaccess0
libsensors4 libsm6 libtcl8.6 libtk8.6 libtxc-dxtn-s2tc
libutempter0 libx11-xcb1 libxaw7 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0
libxcb-present0 libxcb-shape0 libxcb-sync1 libxcomposite1
libxdamage1 libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxmu6 libxmuu1
libxrandr2 libxrender1 libxshmfence1 libxss1 libxt6
libxtst6 libxv1 libxxf86dga1 libxxf86vm1 tcl-expect tcl8.6 tk8.6 x11-common
x11-utils xbitmaps xterm
0 upgraded, 54 newly installed, 0 to remove and 0 not upgraded.
Need to get 22.1 MB of archives.
After this operation, 179 MB of additional disk space will be used.
Why a security-related library would ever lead to this kind of a thing,
that just seems like something somewhere went horribly wrong.
> > (I'm not sure why people are so anxious to close bug reports these days...)
>
> The former courier maintainer was blamed to have closed issues too
> quickly without really taking care. I'm trying to avoid that.
>
> Can I take that question as an okay to close the issue, then?
I have no idea how you could interpret the above sentence like that.
--
2. That which causes joy or happiness.