tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: 2 Patches to security/krb5/

"Dr. Thomas Orgis" <> writes:

> Actually, is it sensible to only condition the krb5.h or krb5/krb5.h
> decision on Linux/Darwin OS? Could one rewrite this to check for both?
> Or rather, thinking a bit more … isn't
> test $(/usr/bin/krb5-config --vendor) = Massachusetts Institute of Technology
> better than grepping around in headers? Is that present in old
> versions? Or the version output …
> $ /data/pkg/bin/krb5-config --version
> heimdal 1.5.3
> $ /usr/bin/krb5-config --version
> Kerberos 5 release 1.17
> (Heimdal doesn't offer --vendor.)

Probably you are right that this could use revamping.  I think we tend
to be shy about that as it can break things on platforms we aren't
testing on.

> It might be more the pkgsrc way to test for platform and use known
> properties of those. But this falls flat when your check is just
> ‘Linux’ without any vintage attached. Using krb5-config would work
> ‘anywhere’.

I am not sure platform/known is the way, if it's easy to check.

I wonder how long krb5-config has been around.

99.9% you know this already, but keep in mind that heimdal ships
krb5-config too (and of course this has to not match heimdal).

> But if we are going for minimal changes, at least any non-ancient linux
> will have mit-krb5 version 1.5+ and so my patch works in practice and
> is an improvement. But it doesn't feel entirely correct.


Attachment: signature.asc
Description: PGP signature

Home | Main Index | Thread Index | Old Index