Date: Wed, 21 Sep 2011 02:43:47 +0400 From: Lev Serebryakov <lev@FreeBSD.org> To: Xin LI <delphij@delphij.net> Cc: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>, Lev Serebryakov <lev@FreeBSD.org>, d@delphij.net, freebsd-security@freebsd.org Subject: Re: PAM modules Message-ID: <849327678.20110921024347@serebryakov.spb.ru> In-Reply-To: <4E7914E1.6040408@delphij.net> References: <86boukbk8s.fsf@ds4.des.no> <4E738794.4050908@delphij.net> <86zki1afto.fsf@ds4.des.no> <4E78EA46.2080806@delphij.net> <86ty86zzcg.fsf@ds4.des.no> <1251419684.20110921022541@serebryakov.spb.ru> <4E7914E1.6040408@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Xin. You wrote 21 =D1=81=D0=B5=D0=BD=D1=82=D1=8F=D0=B1=D1=80=D1=8F 2011 =D0=B3.,= 2:34:09: > That's true but is there any very compelling reason to do that (not > say no if someone really want to invest time on this and maintain it) > instead of just using an actively maintained codebase? The OpenLDAP > license is pretty similar to a BSD license: My point is not a license. I don't know, what is simpler: (a) strip-down and rename API for OpenLDAP and later import new releases, with new strip-downs and renames (IMHO, it is harder, than import and support almost-intact code, like sendmail or bind), or (b) maintain local code, most of which is auto-generated from standard by very mature and stable tool, as Lev's asn1c is. I know Lev personally, and he says, that this tool is used by many Telco operators and other Big Companies and he is not aware about any outstanding bugs (from year 2007!) even when very complex (much more complex than LDAPv3) ASN.1 rules are processed. Sometimes he is contacted for support, but always it is not bugs in compiler, but some other problems. Maybe, import and maintaining of hacked OpenLDAP is simpler in long-standing perspective. Maybe not. I only want to point, that if we want our own LDAP client library, we don't need to write tons of non-obvious, error-prone and security-sensitive code by hands. --=20 // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?849327678.20110921024347>