On 28/11/24 11:28, Michal Politowski wrote:
POSIX explicitly limits itself of a subset of ASCII, so it is not going to
mandate any normalization form. Are there other standards (or initiatives)
in this area that you know of?
What about RFC 8265?
"Preparation, Enforcement, and Comparison of Internationalized Strings Representing
Usernames and Passwords"
https://datatracker.ietf.org/doc/html/rfc8265
Thank you Michal for the pointer.
RFC 8265 (and the associated RFC 8264 "PRECIS Framework: Preparation,
Enforcement, and Comparison of Internationalized Strings in Application
Protocols") looks exactly what all login-related programs should
implement in order to avoid the kind of errors described in
<https://lists.debian.org/debian-devel/2024/11/msg00491.html>.
But a cursory search shows that none of the current upstreams support
(or mention) PRECIS. (It also shows that src:precis is a Java library
squatting a bit on that package name... :))
Regards,
--
Gioele Barabucci
