On Wed, Sep 21, 2011 at 08:42:48AM -0500, Brooks Davis wrote:
> On Tue, Sep 20, 2011 at 05:21:03PM -0700, Xin LI wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On 09/20/11 15:51, Kostik Belousov wrote:
> > [...]
> > > Yes, the question of maintenance of the OpenLDAP code in the base
> > > is not trivial by any means. I remember that openldap once broke
> > > the ABI on its stable-like branch.
> >
> > That happened a few times; however, these are either not essential client
> > library (libldap and liblber) API or it's not changing parameters or
> > removing interfaces. Moreover, like the base libbsdxml.so, it's only
> > intended to be used by base system only so it's relatively easier to
> > maintain ABI stability, e.g. we can probably just expose only symbols
> > that we use, etc.
> >
> > > Having API renamed during the import for the actively-developed
> > > third-party component is probably a stopper. I am aware of the
> > > rename done for ssh import in ssh_namespace.h, but I do not think
> > > such an approach scales.
> >
> > That's right. We did use a similar approach but again, if it's just
> > libldap and liblber, the change would be quite slow over years. We do
> > need to patch files.
> >
> > > Would the import of openldap and nss + pam ldap modules in src/
> > > give any benefits over having openldap and ldap nss + pam modules
> > > on the dvd1 ?
> >
> > Well, for ldap nss + pam models, people usually want them to "just
> > work" rather than wanting new features provided by a port installed
> > OpenLDAP. That's said, the user expects he can update any port
> > without risking into being locked out from the system plus these
> > modules can be upgraded or updated with existing binary update mechanisms.
>
> This is certainly the largest benefit. I used a variant of pam_ldap for
> authentication at $WORK for many years and the instability of the
> OpenLDAP API was a constant headache.
>
> That isn't to say that importing it into base is the only possible
> solution. It is likely the most straightforward.
>
Base package system that comes pre-installed? Or just ships with the discs?

> -- Brooks