On 3/3/14, 4:56 PM, "Russ Allbery" <r...@debian.org> wrote:
>Am I correct in my understanding of the original bug report that the >shibsp library actually requires /etc/shibboleth to work? In other words, >from a package perspective, should libshibsp depend on the configuration >files (however provided)? I was assuming that it was meaningful to use >the library without it, but I never really investigated that assumption. Strictly speaking it's not an absolute, but the default/only implementation of the configuration layer of the library does depend on the XML-based mechanism to do that. Where it lives is arbitrary, but the use of etc/shibboleth is compiled in as a default. >It sounds like the latter more accurately reflects the real underlying >dependencies and requirements. I think that's true. >I am a little worried about downgrading >the shibd dependency in libapache2-mod-shib2 to recommends; maybe it >should stay as depends for now even though it's possible to run shibd on a >different host? I think you can leave that, particularly if all that's installing is shibd + init script. It's possible, but ultimately impractical to run shibd remotely at any scale, leads to security mistakes, and it's an explicit requirement of the Apache half that a shibd be used, which leads me to believe requiring it is the best choice. -- Scott -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org