On Wed, Sep 2, 2015 at 2:28 AM, Eray Aslan <e...@gentoo.org> wrote: > On Tue, Sep 01, 2015 at 03:24:05PM +0200, Lars Wendler wrote: >> * We should really get heimdal and mit-krb5 packages in a shape where >> we can install them in parallel [2]. Using the bundled heimdal from >> samba is no valid option [3] > > While bundling a copy of a kerberos implementation is certainly not > ideal, I think this is the only sensible option at the moment. > > Re-evaluate when samba's changes end up in a heimdal release we can > package. Some of the changes landed upstream in July, so there has been > some progress recently. >
I agree that it may make sense to allow use of a bundled heimdal until this can be remedied. Perhaps control it via a USE flag (which is how chromium approached issues like this as they slowly unbundled things in the earlier days). If the user can install the packaged heimdal that should be the recommended approach, but if not they can use the bundle. I didn't get the impression that changes to heimdal were the issue here, but rather the fact that it blocks mit-krb5. It seems like competing implementations of the same library that don't actually aim to be completely compatible is becoming more of an issue these days. We're seeing it here, and we of course have all grown to love ffmpeg/libav. Since we're source-based we have a lot more power to control these issues, but we probably don't want to have to patch build systems left and right to do it. Where there are simpler solutions we should take them, and if upstream has already helped out with the hacking by bundling that should be considered a practical compromise where necessary. -- Rich
