From owner-freebsd-security@FreeBSD.ORG  Wed Sep 21 21:32:37 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by hub.freebsd.org (Postfix) with ESMTP id A2880106566C
	for <freebsd-security@freebsd.org>;
	Wed, 21 Sep 2011 21:32:37 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org
	[IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id 5CC401501FC;
	Wed, 21 Sep 2011 21:32:36 +0000 (UTC)
Message-ID: <4E7A57F3.20109@FreeBSD.org>
Date: Wed, 21 Sep 2011 14:32:35 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:6.0.2) Gecko/20110912 Thunderbird/6.0.2
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>
References: <86boukbk8s.fsf@ds4.des.no>
In-Reply-To: <86boukbk8s.fsf@ds4.des.no>
X-Enigmail-Version: undefined
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-security@freebsd.org
Subject: Re: PAM modules
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2011 21:32:37 -0000

On 09/16/2011 08:05, Dag-Erling Smørgrav wrote:
> We currently have a number of PAM modules in ports, and while some of
> them are specific to certain third-party software, many aren't.  I
> believe we would benefit from importing at least some of these into
> base.  My question is: which ones?

For the sake of having the opposing viewpoint represented, I'm opposed
to importing more of this stuff into the base. Given that it works just
fine as it is, the benefits of importing it would have to overwhelmingly
compensate for the negatives of having to keep them up to date in the base.

Taking ldap as an example, the subset of our users who need this
functionality are already able to get it from the ports tree, where it
is easier to keep up to date across multiple FreeBSD versions.


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/