Buchan Milne wrote: > Sorry, my mistake, this thread is about removing the requirement for the > cyrus-sasl package, which I am still not sure about, since any server > using sasl is going to need *something* to authenticate against, either > saslauthd, sasldb, or a plugin, but I guess David is happy to tell users > to install cyrus-sasl all the time (instead of just telling some to > install plugins) ;-). And it's a very small package (300k installed).
Most users don't use it. Furthermore it installs a daemon "saslauthd" that's set to run by default. Most users won't know what it is, or disable it. If there's any security problems with it, we've needlessly opened up a security hole for a lot of people. You oughtta be able to install these applications (postfix etc) without being required to install cyrus-sasl.
