> On May 10, 2015, at 8:57 PM, HawkOwl <hawk...@atleastfornow.net> wrote: > > As per > https://twistedmatrix.com/trac/wiki/CompatibilityPolicy#ProcedureforExceptionstothisPolicy: > > Twisted's PAM support is reliant on a library which a) doesn't materially > exist anymore, b) is blocking, c) is uninstalled on all our buildbots if I'm > correct and so therefore hasn't been tested for ages, and d) requires us to > do insecure things (like setting euid as root). Since it's basically > uninstallable (I can't even find a source tarball newer than 1999) and almost > certainly doesn't work on any Python versions we support, I propose outright > removal, rather than emitting deprecation warnings that literally nobody will > see. > > I have prepared a patch at > https://github.com/twisted/twisted/compare/trunk...remove-pamauth-3728-2 . > Under the deprecation policy's exclusions rule, this branch is given for > people to make sure that their code does not break. Three other committers > will need to also pitch support for this (although I don't think that'll be > an issue ;) ). This patch not only removes PAM, but all of its (unusedness) > in Conch. > > The ticket is available at https://twistedmatrix.com/trac/ticket/3728 and > will be put in review shortly. The buildbot results can be seen at > https://buildbot.twistedmatrix.com/boxes-supported?branch=/branches/remove-pamauth-3728-2 > .
I'm very much in favor of an outright removal in this case, so consider me signed off. Given the gnarly security implications of this thing I would take the unusual step of continuing to approve of removal even if we have a real-life user who might be impacted. That said, lack of actual PAM support (and more generally, platform-integrated user authentication mechanisms) is a sore spot and we should add something less terrible when we can. -glyph _______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
