
Re: demoting a dependency



Mike Hommey <mh@glandium.org> writes:
> On Tue, Mar 31, 2009 at 03:21:02PM +0200, Marco d'Itri <md@Linux.IT> wrote:

>> Is there a more elegant way to do this?
>
> You just don't do it like that, because:
> $ ldd /usr/lib/news/bin/auth/passwd/auth_krb5 | grep com_err
>         libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7f2f000)
>
> If you don't want to depend on libcomerr2, don't depend on it. It's not
> because libkrb5-3 already depends on it that it's a proper thing to
> remove the dependency that way. What happens when libkrb5-3 depends on
> libcomerr3 ?

The fundamental problem is that auth_krb5 is horrible (I say this as the
upstream maintainer of the package).  It really needs to be rewritten
completely against a Kerberos API that isn't 10 years old.  There's no
reason why it should have to be calling com_err directly with the Kerberos
libraries in even lenny.  I just haven't had the chance to do that.

Also, for most usage situations, one really wants to just use INN's PAM
support rather than a Kerberos-only password authenticator and configure
nnrpd to use pam_krb5.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

