Re: Whose bug is this?

[Sam Hartman <hartmans@debian.org>]

>>>>> "Andrew" == Andrew Suffield <asuffield@debian.org> writes:

    Andrew> On Thu, Nov 15, 2001 at 01:41:34PM +0100, Roland Mas
    Andrew> wrote:
    >> So?  Whose fault is this?  Probably not mine, because I can't
    >> find any reason I shouldn't have LDAP users.  Is it bash's
    >> fault (/bin/sh is a symlink to bash here), for keeping its
    >> libraries open?


    Andrew> I'd be inclined to say that if libnss is going to use
    Andrew> libldap, libldap should be in /lib. But that's just IMO.

Moving all the libraries that nss modules depend on into /lib has
significant undesirable properties.  There is a minor problem in that
we need to provide compatibility symlins from /usr/lib to preserve ABI
compatability with binaries from other distributions.  This may only
matter for rpath, but even that is sufficient that we care.

We also would tend to get a very large root very quickly.  Consider
that libnss-ldap indirectly depends on SASL.  You want this
dependency; using strong authentication for your NSS information is
good.  It is unfortunate the current code in libnss doesn't actually
export an interface to this.

But depending on SASL implies that a shell might reasonably try to
pull in arbitrary SASL plugins.  That implies moving things like
libssl into /lib now.  Once libldap is linked directly against libssl,
you definitely have to move it into /lib.

What a mess.