On Tue, 20 Sep 2011, Xin LI wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 09/20/11 15:51, Kostik Belousov wrote: > [...] >> Yes, the question of maintanence of the OpenLDAP code in the base >> is not trivial by any means. I remember that openldap once broke >> the ABI on its stable-like branch. > > That happen a few times however these are either not essential client > library (libldap and liblber) API or it's not changing parameters or > removing interfaces. Moreover, like the base libbsdxml.so, it's only > intended to be used by base system only so it's relatively easier to > maintain ABI stability, e.g. we can probably just expose only symbols > that we use, etc. This is not without its own failures. For example, I sometimes find myself wanting a kgetcred(1) from heimdal, but we do not build it as part of our base heimdal. As a separate utility, this is not so bad; for a library, things can get much more annoying. Only exposing a limited set of symbols can make third-party tools that want extra symbols very sad, unless it is easy to drop in a full version from ports and still have all of base "just work". I do not quite think that the current state of ports for ldap would "just work" without some extra configuration (though, nor have I tried something like it). -Ben Kaduk _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"