On Tue, 20 Sep 2011, Xin LI wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 09/20/11 15:51, Kostik Belousov wrote:
[...]
Yes, the question of maintanence of the OpenLDAP code in the base
is not trivial by any means. I remember that openldap once broke
the ABI on its stable-like branch.
That happen a few times however these are either not essential client
library (libldap and liblber) API or it's not changing parameters or
removing interfaces. Moreover, like the base libbsdxml.so, it's only
intended to be used by base system only so it's relatively easier to
maintain ABI stability, e.g. we can probably just expose only symbols
that we use, etc.
This is not without its own failures. For example, I sometimes find
myself wanting a kgetcred(1) from heimdal, but we do not build it as part
of our base heimdal. As a separate utility, this is not so bad; for a
library, things can get much more annoying.
Only exposing a limited set of symbols can make third-party tools that
want extra symbols very sad, unless it is easy to drop in a full version
from ports and still have all of base "just work". I do not quite think
that the current state of ports for ldap would "just work" without some
extra configuration (though, nor have I tried something like it).
-Ben Kaduk
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
