Re: Looking for a co-maintainer for adduser
John Belmonte wrote: All those points are well taken. I was trying to pull a fast one: surely no one would notice a few files added to base which total 1/3rd the size of bash itself. But I've been caught. I hope you realize that the perl-base package is itself hardly larger than bash. -- see shy jo
Re: Looking for a co-maintainer for adduser
Only on a well-written OS... ;) Mark Brown wrote: On Mon, Oct 06, 2003 at 01:01:52AM +0200, Marc Haber wrote: Well-written C++ using well tested class libraries tend to do a pretty good job, security-wise. I often find that well written code does a good job.
Re: Looking for a co-maintainer for adduser
John Belmonte dijo [Sun, Oct 05, 2003 at 10:20:59AM -0400]: Lua is a modern high-level language. Its 15K stand-alone interpreter depends on only two libraries which total less than 200K. The functionality of its standard libraries are limited by ANSI C, but there are are third party libraries for talking to the OS, such as a POSIX library. Someone less averse to prefix notation than I might make the same argument about scsh. It's larger and has more dependencies, but on the other hand has full library support for system programming. Why not consider tiny languages? Because of how powerful is Perl? Because of the amount of things that depend on Perl that currently exist and would be a waste of time to rewrite? Because Perl might be the best tool for many cases? There are many possible answers... Not that coding in Lua, scsh or similar tools is bad. Not that the regular shells are not up to the task in many cases. Simply that... Perl seems to be such a powerful language that people would end up installing it anyway - And if you have an optional package installed in 95% of the machines, then you have something I would like calling 'base'. Greetings, -- Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5630-9700 ext. 1366 PGP key 1024D/8BB527AF 2001-10-23 Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF
Re: Looking for a co-maintainer for adduser
Gunnar Wolf wrote: Because of how powerful is Perl? Because of the amount of things that depend on Perl that currently exist and would be a waste of time to rewrite? Because Perl might be the best tool for many cases? There are many possible answers... Not that coding in Lua, scsh or similar tools is bad. Not that the regular shells are not up to the task in many cases. Simply that... Perl seems to be such a powerful language that people would end up installing it anyway - And if you have an optional package installed in 95% of the machines, then you have something I would like calling 'base'. Excuse me, but I'm not arguing Lua vs. Perl, or tiny languages vs. Perl. Rather I'm challenging Colin Watson's statement, Take away Perl and you've got only shell, C, and C++ left. -- http:// if le.o /
Re: Looking for a co-maintainer for adduser
On Mon, Oct 06, 2003 at 03:14:24PM -0500, Gunnar Wolf wrote: John Belmonte dijo [Sun, Oct 05, 2003 at 10:20:59AM -0400]: Lua is a modern high-level language. Its 15K stand-alone interpreter depends on only two libraries which total less than 200K. The functionality of its standard libraries are limited by ANSI C, but there are are third party libraries for talking to the OS, such as a POSIX library. Someone less averse to prefix notation than I might make the same argument about scsh. It's larger and has more dependencies, but on the other hand has full library support for system programming. Why not consider tiny languages? Because of how powerful is Perl? Because of the amount of things that depend on Perl that currently exist and would be a waste of time to rewrite? Because Perl might be the best tool for many cases? There are many possible answers... Actually, TTBOMK, it's more or less a historic choice. Which is to say, at the time the decision was made, Perl was one of the only tools which COULD do all of the things needed for setting up a base system, in a single language which could (reasonably) easily express this (bash shell does not easily express it, even if it *can* express it, generally). If the decision were being made today, we might see arguments over Perl, Lua, Python, and probably others - valid ones, in fact. However, now isn't then, and once the decision has been made, it becomes a much harder thing to move away from it (for good reason) - since it involves rewriting everything, with the attendant bugs, problems, unrest, and insanity that comes with. (I like Perl; it's my slap-it-together language of choice. Conversely, I also regularly work on a system where core pieces are written in python, because that's the religion of the person who set it up. If you want to see my actual opinion, go read the 'Perl vs Python' bit in Unix Power Tools, 3rd edition - written by the same person, and reviewed in-house to ensure a fair hearing to Perl :) Actually, I'd almost prefer Python for doing Debian base work - not because Perl is bad at it, per se, but because so many people have bad Perl habits, and this propagates into the scripts. Python makes it (slightly) harder to write truly gross code, and since Debian maintainer scripts really shouldn't be doing the stupid tricks that prevents you from doing *anyway*, I'd be willing to take that loss. But it just isn't worth it to try to convert everything (at least, not until Perl 6 forces us to consider rewriting it all, anyway...) Though getting Python to have an easier Build-Depend chain would be nice for porters, if we ever do support it as an option for maintainer scripts. -- Joel Baker [EMAIL PROTECTED],''`. Debian GNU NetBSD/i386 porter: :' : `. `' `- pgppklYb4P64n.pgp Description: PGP signature
Re: Looking for a co-maintainer for adduser
On Mon, Oct 06, 2003 at 05:42:05PM -0400, John Belmonte wrote: Gunnar Wolf wrote: Because of how powerful is Perl? Because of the amount of things that depend on Perl that currently exist and would be a waste of time to rewrite? Because Perl might be the best tool for many cases? There are many possible answers... Not that coding in Lua, scsh or similar tools is bad. Not that the regular shells are not up to the task in many cases. Simply that... Perl seems to be such a powerful language that people would end up installing it anyway - And if you have an optional package installed in 95% of the machines, then you have something I would like calling 'base'. Excuse me, but I'm not arguing Lua vs. Perl, or tiny languages vs. Perl. Rather I'm challenging Colin Watson's statement, Take away Perl and you've got only shell, C, and C++ left. You haven't challenged it successfully, then; to my knowledge, my statement is correct for the current base system, which is what it was referring to. I don't necessarily oppose tiny languages such as Lua, but perhaps somebody should write the tools in question in them first, otherwise this is pure vapourware. (Or, then again, perhaps they shouldn't; I'm not a fan of rewriting things that already work.) Cheers, -- Colin Watson [EMAIL PROTECTED]
Re: Looking for a co-maintainer for adduser
Colin Watson wrote: You haven't challenged it successfully, then; to my knowledge, my statement is correct for the current base system, which is what it was referring to. I don't necessarily oppose tiny languages such as Lua, but perhaps somebody should write the tools in question in them first, otherwise this is pure vapourware. (Or, then again, perhaps they shouldn't; I'm not a fan of rewriting things that already work.) All those points are well taken. I was trying to pull a fast one: surely no one would notice a few files added to base which total 1/3rd the size of bash itself. But I've been caught. As for the evils of rewriting, I tend to agree. However, in this case, the maintainer of adduser said, ... I don't like the way adduser is currently written (and also perl) a lot, and was planning to do a complete overhaul, which prompted me to be so bold. -- http:// if le.o /
Re: Looking for a co-maintainer for adduser
On Sat, 04 Oct 2003 15:58:46 -0500, John Hasler [EMAIL PROTECTED] wrote: But it would not be nice to not have the things that would leave with it. Generally, it would be a good thing to have Debian base installable without perl. That way, security-aware administrators would have the right to choose whether they need $BELL or $WHISTLE that makes perl appear. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29
Re: Looking for a co-maintainer for adduser
On Sun, Oct 05, 2003 at 01:41:56PM +0200, Marc Haber wrote: On Sat, 04 Oct 2003 15:58:46 -0500, John Hasler [EMAIL PROTECTED] wrote: But it would not be nice to not have the things that would leave with it. Generally, it would be a good thing to have Debian base installable without perl. That way, security-aware administrators would have the right to choose whether they need $BELL or $WHISTLE that makes perl appear. I'd rather that the tools in Debian base were written in a high-level language where available. Take away Perl and you've got only shell, C, and C++ left; I don't think that's going to improve security in practice. -- Colin Watson [EMAIL PROTECTED]
Re: Looking for a co-maintainer for adduser
Colin Watson wrote: I'd rather that the tools in Debian base were written in a high-level language where available. Take away Perl and you've got only shell, C, and C++ left; I don't think that's going to improve security in practice. Lua is a modern high-level language. Its 15K stand-alone interpreter depends on only two libraries which total less than 200K. The functionality of its standard libraries are limited by ANSI C, but there are are third party libraries for talking to the OS, such as a POSIX library. Someone less averse to prefix notation than I might make the same argument about scsh. It's larger and has more dependencies, but on the other hand has full library support for system programming. Why not consider tiny languages? -- http:// if le.o /
Re: Looking for a co-maintainer for adduser
On Sun, 2003-10-05 at 12:41, Marc Haber wrote: On Sat, 04 Oct 2003 15:58:46 -0500, John Hasler [EMAIL PROTECTED] wrote: But it would not be nice to not have the things that would leave with it
Re: Looking for a co-maintainer for adduser
On Sun, 5 Oct 2003 10:54:50 +0100, Colin Watson [EMAIL PROTECTED] wrote: I'd rather that the tools in Debian base were written in a high-level language where available. Take away Perl and you've got only shell, C, and C++ left; I don't think that's going to improve security in practice. Well-written C++ using well tested class libraries tend to do a pretty good job, security-wise. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29
Re: Looking for a co-maintainer for adduser
On Mon, Oct 06, 2003 at 01:01:52AM +0200, Marc Haber wrote: Well-written C++ using well tested class libraries tend to do a pretty good job, security-wise. I often find that well written code does a good job. -- You grabbed my hand and we fell into it, like a daydream - or a fever.
Re: Looking for a co-maintainer for adduser
Marc Haber wrote: Colin Watson wrote: I'd rather that the tools in Debian base were written in a high-level language where available. Take away Perl and you've got only shell, C, and C++ left; I don't think that's going to improve security in practice. Well-written C++ using well tested class libraries tend to do a pretty good job, security-wise. Saying well-written is cheating. Any well written program is always good by definition or it is not be well written. But what about poorly written cruft? Almost all languages are easy to write badly. But some are easier than others. Both C++ and Perl come to my mind when I think of bad programming practices and swiss army chainsaws. Bob pgppvqBwloD23.pgp Description: PGP signature
Re: Looking for a co-maintainer for adduser
On Sun, Oct 05, 2003 at 05:18:45PM -0600, Bob Proulx wrote: Saying well-written is cheating. Any well written program is always good by definition or it is not be well written. But what about poorly written cruft? Almost all languages are easy to write badly. But some are easier than others. Both C++ and Perl come to my mind when I think of bad programming practices and swiss army chainsaws. I think the point is that good code and bad code are possible in any language, and the panacea of switching to a particular language and expecting all coding programs to go away is simplistic and unrealistic. Sure in some languages like Java there aren't going to be pointer problems, but other avenues of attack are just as likely; insecure use of temporary files, symlink attacks, signal attacks and etc. Steve -- # Debian Security Audit Project http://www.steve.org.uk/Debian/
Re: Looking for a co-maintainer for adduser
On Fri, 03 Oct 2003 18:49:40 +0100, Scott James Remnant [EMAIL PROTECTED] wrote: Some of us would like to see Perl taken out of base as well :) That would be an awfully nice thing to have. Greetings Marc -- -- !! No courtesy copies, please !! - Marc Haber |Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29
Re: Looking for a co-maintainer for adduser
Scott James Remnant wrote: Some of us would like to see Perl taken out of base as well :) Marc writes: That would be an awfully nice thing to have. But it would not be nice to not have the things that would leave with it. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI
Re: Looking for a co-maintainer for adduser
On Thu, 2003-10-02 at 09:49, Colin Watson wrote: On Thu, Oct 02, 2003 at 10:16:28AM +0200, Domenico Andreoli wrote: i have developed a system in python which abstracts from the backend too. moreover it is easily expandable with python plugins. it is also easy to develop new applications/utilities using it as a python module. it is pretty stable, i already use it in production system. That would mean we'd have to add python to the base system. Perhaps a bit much in size terms? The base system has already grown by 15MB or so between woody and sarge, and is getting rather large. Indeed, keep Python out of base. Some of us would like to see Perl taken out of base as well :) Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist? signature.asc Description: This is a digitally signed message part
Looking for a co-maintainer for adduser
The number of bugs on the adduser package has constantly increased for the last few months, though none of them is release critical. Since I was busy with other stuff (mostly OpenLDAP and related stuff) I didn't keep up with all the feature requests and non-critical bugs. This is also partly due to the fact that I don't like the way adduser is currently written (and also perl) a lot, and was planning to do a complete overhaul (http://www.hbg-bremen.de/~roland/code/adduser.xhtml). Matthew Palmer has done some nice work in abstracting the passwd storage backend, and adding methods for LDAP storage. The latter, though, still needs some more work to be useful in different directory structures. I am thus seeking for one or two co-maintainers, and appreciate it a lot if Matthew would chose to be one of them. The package is managed in a Subversion repository on Alioth. The main package is in trunk, Matthew's LDAP extended version in brances/adduser-ldap (which should eventually be merged into trunk); all in the svn+ssh://svn.debian.org/svn/adduser repository. It'd be particularly useful, if you have NIS experience (and maybe even a running setup), but not required. There is an adduser-devel also on Alioth. If you are interested, drop me a note off-list. -- Roland
Re: Looking for a co-maintainer for adduser
On Thu, Oct 02, 2003 at 10:02:38AM +0200, Roland Bauerschmidt wrote: The number of bugs on the adduser package has constantly increased for the last few months, though none of them is release critical. Since I was busy with other stuff (mostly OpenLDAP and related stuff) I didn't keep up with all the feature requests and non-critical bugs. This is also partly due to the fact that I don't like the way adduser is currently written (and also perl) a lot, and was planning to do a complete overhaul (http://www.hbg-bremen.de/~roland/code/adduser.xhtml). i could be interested Matthew Palmer has done some nice work in abstracting the passwd storage backend, and adding methods for LDAP storage. The latter, though, still needs some more work to be useful in different directory structures. i have developed a system in python which abstracts from the backend too. moreover it is easily expandable with python plugins. it is also easy to develop new applications/utilities using it as a python module. it is pretty stable, i already use it in production system. http://www.nongnu.org/prua/ I am thus seeking for one or two co-maintainers, and appreciate it a lot if Matthew would chose to be one of them. The package is managed in a Subversion repository on Alioth. The main package is in trunk, Matthew's LDAP extended version in brances/adduser-ldap (which should eventually be merged into trunk); all in the svn+ssh://svn.debian.org/svn/adduser repository. It'd be particularly useful, if you have NIS experience (and maybe even a running setup), but not required. There is an adduser-devel also on Alioth. -[ Domenico Andreoli, aka cavok --[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc ---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
Re: Looking for a co-maintainer for adduser
On Thu, Oct 02, 2003 at 10:16:28AM +0200, Domenico Andreoli wrote: On Thu, Oct 02, 2003 at 10:02:38AM +0200, Roland Bauerschmidt wrote: Matthew Palmer has done some nice work in abstracting the passwd storage backend, and adding methods for LDAP storage. The latter, though, still needs some more work to be useful in different directory structures. i have developed a system in python which abstracts from the backend too. moreover it is easily expandable with python plugins. it is also easy to develop new applications/utilities using it as a python module. it is pretty stable, i already use it in production system. http://www.nongnu.org/prua/ That would mean we'd have to add python to the base system. Perhaps a bit much in size terms? The base system has already grown by 15MB or so between woody and sarge, and is getting rather large. -- Colin Watson [EMAIL PROTECTED]
Re: Looking for a co-maintainer for adduser
Colin Watson writes: That would mean we'd have to add python to the base system. I'd _really_ rather not see that. While I now use Python in preference to Perl, I don't think its advantages justify bloating base. Perl's just another procedural language. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI