Date: Wed, 22 Sep 1999 02:19:29 +0400
From: Dmitrij Tejblum <tejblum@arc.hq.cti.ru>
To: Mark Murray <mark@grondar.za>
Cc: Dmitrij Tejblum <tejblum@arc.hq.cti.ru>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/secure/lib/libcrypt Makefile src/lib/libcrypt Makefile
Message-ID: <199909212219.CAA03066@tejblum.pp.ru>
In-Reply-To: Your message of "Tue, 21 Sep 1999 20:32:28 +0200." <199909211832.UAA73900@gratis.grondar.za>

Mark Murray wrote:
> > > Don't you observe MAINTAINER= ??
> >
> > I am following my common sense. Even if you are 'MAINTAINER', you could
> > to not create problems for other people.
>
> You know, you could have asked. You could even have presented a decent
> technical opinion on this point.

You know, you could DTRT from the beginning. You could not do the major version bump secretly. You could not blame other people when you make a mistake. You could have your commit reviewed by someone else, even though you are the MAINTAINER. That reviewer could tell you that your changes in libscrypt break most programs that create a new password, including the adduser script. The programs use a random string as the salt, and don't prefix the salt with "$1$" or similar. (Not only is this the traditional usage, it is even documented in SUSV2).

Here is a trivial patch, feel free to review and commit it (I even tested it somehow :-).

Index: crypt.c =================================================================== RCS file: /home/ncvs/src/lib/libcrypt/crypt.c,v retrieving revision 1.12 diff -u -r1.12 crypt.c --- crypt.c 1999/09/20 12:45:49 1.12 +++ crypt.c 1999/09/21 21:25:55 
@@ -44,6 +44,6 @@ #ifdef NONEXPORTABLE_CRYPT return crypt_des(passwd, salt); #else - return NULL; + return crypt_md5(passwd, salt); #endif }

Yes, I could have asked "why have you bumped the version number?". But I do not actually want to know: I have other things to bother about. Then, I guess I won't get an answer: you already sent 2 mails without the answer [to this implicit question].

> Committing on top of my commit
> (where there is no _breakage_ like Peter fixed) is OUT.

There _is_ a _breakage_, though it is not that apparent now. A libcrypt specific aspect: you added a new encryption algorithm, SHA1, and bumped the version number. Suppose someone wants to use SHA1-encrypted passwords in his password file. (It is legal, right?). Then he will be forced to upgrade all his old binaries that perform authentication (like ssh) linked against libcrypt.so.2, because libcrypt.so.2 cannot authenticate users with SHA1 passwords. Thank you very much, I prefer to live without unexpected/urgent upgrades. I have other things to bother about.

> MAINTAINER= is supposed to be a
> deciding factor here.

I disagree. You made a change that affects me as a FreeBSD user. This change is going to cause problems for me, has _no_ rationale, and was done secretly, not to mention that it was done without a discussion. Who gave you the right to create problems for me? IMHO you are confusing MAINTAINER with god. (Here I am talking only about the version bump; you know, your other (unmotivated) changes created real serious problems for other users).

Dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
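
Review bot: In the #else branch of the -44,6 +44,6 hunk in crypt.c, replacing "return NULL;" with "return crypt_md5(passwd, salt);" removes the only visible error return from this fallback, so a caller can no longer tell a deliberately unprefixed salt from a malformed or unsupported one. Add a comment above the new return stating that MD5 is the intended default for salts without a recognised prefix, and confirm that crypt_md5 accepts a salt that lacks its own prefix. The default algorithm also now differs between the two builds (crypt_des under NONEXPORTABLE_CRYPT, crypt_md5 otherwise), so the same salt produces a different hash format depending on how the library was built; that is worth documenting alongside the change.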