Date: Tue, 10 Jan 2017 09:16:43 +0300 From: Sergei Vyshenski <svysh.fbsd@gmail.com> To: Miroslav Lachman <000.fbsd@quip.cz> Cc: Jan Bramkamp <crest@rlwinm.de>, freebsd-ports@freebsd.org Subject: Re: openldap-client vs openldap-sasl-client Message-ID: <CAHU0Y-7NY5cWZ%2BeuSrUX%2B6xTOu5RaceaWRbYwdphNH7TkTS8rg@mail.gmail.com> In-Reply-To: <587414A3.1010206@quip.cz> References: <c798f1e9-92f0-1d2a-32e4-46dad59f05d0@FreeBSD.org> <34b66662-a2d7-706d-3653-e0ffc9bf81b2@rlwinm.de> <5874135B.4000900@quip.cz> <587414A3.1010206@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Edemic enforcement of unwanted security technologies propagates further on. Port net/p5-perl-ldap requires port security/p5-Authen-SASL, which by defaul turns ON kerberos support. This brings situation, when private key infrastructure (PKI) software by default depends from Kerberos, which is as if: nginx depends from apache. Cf PR here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215835 Regards, Sergei On Tue, Jan 10, 2017 at 1:54 AM, Miroslav Lachman <000.fbsd@quip.cz> wrote: > Miroslav Lachman wrote on 2017/01/09 23:48: > >> Jan Bramkamp wrote on 2017/01/05 11:30: >> >>> On 04/01/2017 18:32, Andriy Gapon wrote: >>> >>>> >>>> Do you I understand correctly that it is impossible now to install >>>> both samba44 >>>> and libreoffice using the official FreeBSD package repository? >>>> Or samba44 and KDE? >>>> >>>> If yes, then that sucks... >>>> >>> >>> Yes and yes it sucks. The "solution" is to build your own repo and set >>> the right flags to always use the same LDAP client port. With binary >>> packages and the speed of modern x86_64 systems I for one no longer see >>> removing SASL support from OpenLDAP as useful enough to justify the >>> complexity. Are there any reasons other than saved build time to disable >>> this dependency (e.g. a bad security track record/process, different >>> licenses)? >>> >> >> And what is the right way to choose SASL / NON-SASL version globaly? >> We are building packages in our poudriere, but I cannot find the proper >> variable / option for this. >> >> Miroslav Lachman >> > > I don't need SASL for LDAP client, but somebody messed up ports tree with > WANT_OPENLDAP_SASL which is for users and not maintainers: > > # WANT_OPENLDAP_SASL > # - User-defined variable to depend upon > SASL-enabled OpenLDAP > # client. Must NOT be set in a port > Makefile. > > So why it is set there > > https://svnweb.freebsd.org/ports/head/databases/ldb/Makefile > ?r1=430417&r2=430416&pathrev=430417 > > and there > > https://svnweb.freebsd.org/ports/head/net/samba43/Makefile? > r1=429692&r2=429691&pathrev=429692 > > and maybe in some other places > > Miroslav Lachman > _______________________________________________ > freebsd-ports@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHU0Y-7NY5cWZ%2BeuSrUX%2B6xTOu5RaceaWRbYwdphNH7TkTS8rg>