From owner-cvs-all Tue Sep 21 15:17: 4 1999 Delivered-To: cvs-all@freebsd.org Received: from arc.hq.cti.ru (arc.hq.cti.ru [195.34.40.3]) by hub.freebsd.org (Postfix) with ESMTP id 48EB215471; Tue, 21 Sep 1999 15:16:48 -0700 (PDT) (envelope-from dima@tejblum.pp.ru) Received: (from uucp@localhost) by arc.hq.cti.ru (8.9.3/8.9.3) with UUCP id CAA04955; Wed, 22 Sep 1999 02:16:00 +0400 (MSD) (envelope-from dima@tejblum.pp.ru) Received: from tejblum.pp.ru (localhost [127.0.0.1]) by tejblum.pp.ru (8.9.3/8.9.3) with ESMTP id CAA03066; Wed, 22 Sep 1999 02:19:29 +0400 (MSD) (envelope-from dima@tejblum.pp.ru) Message-Id: <199909212219.CAA03066@tejblum.pp.ru> X-Mailer: exmh version 2.0gamma 1/27/96 To: Mark Murray Cc: Dmitrij Tejblum , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org From: Dmitrij Tejblum Subject: Re: cvs commit: src/secure/lib/libcrypt Makefile src/lib/libcrypt Makefile In-reply-to: Your message of "Tue, 21 Sep 1999 20:32:28 +0200." <199909211832.UAA73900@gratis.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 22 Sep 1999 02:19:29 +0400 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk Mark Murray wrote: > > > Don't you observe MAINTAINER= ?? > > > > I am following my common sense. Even if you are 'MAINTAINER', you could > > to not create problems for other people. > > You know, you could have asked. You could even have presented a decent > technical opinion on this point. You know, you could DTRT from the beginning. You could do not do the major version bump secretly. You could do not blame other people when you do a mistake. You could have your commit reviewed by someone else, even though you are the MAINTAINER. That reviewer could tell you that your changes in libscrypt break most programs that create new password, including the adduser script. The programs use a random string as the salt, and don't prefix the salt with "$1$" or similar. (Not only this is the traditional usage, it is even documented in SUSV2). Here is a trivial patch, feel free to review and commit it (I even tested it somehow :-). Index: crypt.c =================================================================== RCS file: /home/ncvs/src/lib/libcrypt/crypt.c,v retrieving revision 1.12 diff -u -r1.12 crypt.c --- crypt.c 1999/09/20 12:45:49 1.12 +++ crypt.c 1999/09/21 21:25:55 @@ -44,6 +44,6 @@ #ifdef NONEXPORTABLE_CRYPT return crypt_des(passwd, salt); #else - return NULL; + return crypt_md5(passwd, salt); #endif } Yes, I could have asked "why you have bumped the version number?". But I do not actually want to know: I have other things to bother about. Then, I guess I won't get an answer: you already sent 2 mails without the answer [to this implicit question]. > Committing on top of my commit > (where there is no _breakage_ like Peter fixed) is OUT. There _is_ a _breakage_, tough it is not that apparent now. A libcrypt specific aspect: you added a new encryption algoruthm, SHA1, and bumoped the version number. Suppose someone want to use SHA1-encrypted passwords in his password file. (It is legal, right?). Then he will be forced to upgrade all his old binaries that perform authetication (like ssh) linked against licrypt.so.2, because libcrypt.so.2 cannot autheticate users with SHA1 passwords. Thank you very much, I prefer to live without unexpected/urgent upgrades. I have other things to bother about. > MAINTAINER= is supposed to be a > deciding factor here. I disagree. You made a change that affect me as a FreeBSD user. This change is going to cause problems to me, have _no_ rationale, and was done secretly, not to mention that it was done without a discussion. Who gave you the right to create problems to me? IMHO you are confusing MAINTAINER with god. (Here I am talking only about the version bump; you know, other your (unmotivated) changes created a real serious problems for other users). Dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message