Mailing List Archive

https://bugzilla.mindrot.org/show_bug.cgi?id=1450


Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org




--- Comment #2 from Damien Miller <djm@mindrot.org> 2008-03-23 18:17:27 ---
This requires DBus, right? Last time I looked, DBus is GPL. We aren't
going to link OpenSSH against any GPL software.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1450





--- Comment #3 from Tomas Mraz <t8m@centrum.cz> 2008-03-25 04:43:11 ---
DBus is dual licensed GPL and Academic Free License 2.1 so it should be
fine.
http://gitweb.freedesktop.org/?p=dbus/dbus.git;a=blob_plain;h=a91ca1d1bbd0bd1a404270daecf606778057b38f;f=COPYING

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

https://bugzilla.mindrot.org/show_bug.cgi?id=1450





--- Comment #4 from Damien Miller <djm@mindrot.org> 2008-03-25 13:03:01 ---
I don't like this patch, for the following reasons.

On the patch itself, it seems like a really bad approach:

* We already have a working policy mechanism for OpenSSH in the form of
sshd_config Match blocks. Adding another is confusing and potentially
dangerous.

* Likewise, why duplicate utmp/wtmp? We are going to have to maintain
this in perpetuity anyway so why add a parallel mechanism? (to every
system process that handles logins!)

* Alerting an administrator that there are still logged in users can
easily be done by checking utmp/wtmp, so this patch doesn't provide a
clear benefit there either.

* That a simple registration mechanism requires >250 lines of new code
is a sure sign that the API is either horrendously overengineered or
insufficiently abstracted.

* If something like this is required, wouldn't it make more sense to
build it into a small helper program (e.g. something like utempter) so
every daemon could use it? (We'd be interested in patches to make sshd
use utempter BTW)

On dependencies:

* I'm not familiar with the AFPL, it looks like a copyleft licence but
I can't be certain because it is long, impenetrable legalese. (Why do
people insist on creating strange new licenses when we have BSD, Apache
and L/GPL?) I'd be much more comfortable if the client libraries that
this linked against were unambiguously permissive - I don't want
OpenSSH assuming some frankenlicense depending on which --enable-
options were selected at configure time.

* I'm also worried about libraries that are transitive dependencies.
How much will this bloat sshd? (we do care how many shared libraries we
link against).

* Are any GPL/LGPL libraries in the transitive dependency set? We won't
link against GPL and will avoid LGPL that too unless there was some
critical reason, i.e. "won't work on a platform without it".

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs