[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Interest in packaging GNU Shishi and GNU Generic Security Service?

Simon Josefsson <jas@extundo.com> writes:

> Having you as a co-maintainer would be great.

> I expect the initial packaging to be simple, it is just a './configure
> && make install' package.  Part of the 'make install' procedure should
> be duplicated in the apt install scripts, for the KDC side, but that
> part is not important.  I think it is more important to simply get the
> library and binaries packaged.  How to better co-exist with MIT and
> Heimdal is something that will need to be figured out along the way.

There is an open bug against MIT Kerberos (#213316) asking that it use the
alternatives system.  Originally this was for Java packages, which
thankfully have stopped using alternatives to manage their broken version
of kinit, but it's still appealing to coexist with Heimdal.  I don't want
to add it only in MIT Kerberos, but if the Heimdal folks are also
interested, I think it would be worthwhile.

I don't know if Shishi conflicts with any binary names in Heimdal or MIT
Kerberos; I haven't checked yet.  If so, alternatives looks even more

The dev packages for Heimdal and MIT Kerberos conflict and that can't
really be fixed.  Whether Shishi would also conflict is an interesting
question.  I expect that the GSSAPI dev package would.

Are you implementing the same API as MIT Kerberos, the same API as
Heimdal, or something else yet again?

> If there is interest in the idea, improving the GSS library to be able
> to dlopen the MIT or Heimdal GSS libraries is an idea I have been
> playing with.  Then Debian packages (like gsasl, fetchmail, curl,
> mailutils, etc, that support GSS) would only have to be linked with GNU
> GSS, and the user can, during run-time through a configuration file,
> decide which actual implementation should be used.  GNU GSS would then
> merely be a shim between MIT, Heimdal or Shishi.  Then enabling GSS in
> more packages would be simpler, without having a strong dependency on
> just one of MIT, Heimdal or Shishi.

Cyrus SASL is a particularly interesting case, since lots and lots of
things depend on it.  (gsasl hasn't gotten much penetration yet, so far as
I know.)

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

Reply to: