Re: Whose bug is this?
>>>>> "Andrew" == Andrew Suffield <asuffield@debian.org> writes:
Andrew> On Thu, Nov 15, 2001 at 01:41:34PM +0100, Roland Mas
Andrew> wrote:
>> So? Whose fault is this? Probably not mine, because I can't
>> find any reason I shouldn't have LDAP users. Is it bash's
>> fault (/bin/sh is a symlink to bash here), for keeping its
>> libraries open?
Andrew> I'd be inclined to say that if libnss is going to use
Andrew> libldap, libldap should be in /lib. But that's just IMO.
Moving all the libraries that nss modules depend on into /lib has
significant undesirable properties. There is a minor problem in that
we need to provide compatibility symlins from /usr/lib to preserve ABI
compatability with binaries from other distributions. This may only
matter for rpath, but even that is sufficient that we care.
We also would tend to get a very large root very quickly. Consider
that libnss-ldap indirectly depends on SASL. You want this
dependency; using strong authentication for your NSS information is
good. It is unfortunate the current code in libnss doesn't actually
export an interface to this.
But depending on SASL implies that a shell might reasonably try to
pull in arbitrary SASL plugins. That implies moving things like
libssl into /lib now. Once libldap is linked directly against libssl,
you definitely have to move it into /lib.
What a mess.
Reply to: