On Tue, Jul 2, 2013 at 12:52 PM, Alexandre Oliva <aol...@redhat.com> wrote: > At this point, I'd rather we took the opportunity to fix code that makes > unsafe assumptions about the behavior of crypt than push the problem on > for users to figure out when a glibc upgrade causes passwords to fail to > be recognized because the salt suggests the use of a different, > newly-recognized encryption algorithm.
Fully agreed. > This is my current rationale for the current implementation, after two > rounds of discussion on its merits. I must admit I'm not comfortable > with the change that was made to out-of-alphabet DES salt, but ATM I'm > even less comfortable with the alternatives. I didn't always favor the > current situation, and that might change again depending on arguments I > get. But then, I don't have the final word on any of this ;-) > > So, if the rationale above doesn't make you as (un)happy as I am about > the current state of crypt in glibc, please bring forth your > counterarguments and let's see if we can all come to a sensible > agreement. Exactly. Cheers, Carlos. -- To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cae2ss1ib6r8bsyiaoeoeyqptiwtnmek494aqwcmjkoy_bon...@mail.gmail.com
