>While I appreciate the effort put in to this work, I don't think the >above statement is justification for putting this code into nmh when it >really does belong in the external SASL provider libraries. > >Eric, have you approached the Cyrus people to see if they will accept >the code? I can't think of any reason why they wouldn't.
I looked on the SASL mailing lists; it's not clear to me who's responsible for developing Cyrus SASL anymore, but there hasn't been a release in 3 years (okay, my bad; there was a stealth 2.1.26 that was released in 2012. So, two years?). There was someone working on OAUTH for it here: http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2014-May/002726.html But ... the overall impression I get is that Cyrus-SASL is kind of languishing. Also, from what I've seen at the first glance of Eric's code, putting it into Cyrus-SASL is going to require some significant work since there's extra stuff you need to do to before you login that doesn't quite jibe with the SASL library implementation. >The potential for code conflict here is pretty high. What happens when >the Cyrus SASL library grows its own OAUTH capabilities? Most likely we >would just end up ripping this code out again. It would be much better >if the OAUTH code was incorporated in the correct place to begin with >(i.e. Cyrus). Sigh. I understand where you're coming from ... but I'll be honest. My dealings with the Cyrus SASL people haven't always been positive (okay, that was a while ago, but still ... they're not so open). My glance at Eric's code is that it is reasonable (but I still need to look more closely); if the choice is wait for someone to put this in Cyrus-SASL, or cram Eric's code into nmh, well, I'm 100% voting for taking Eric's code into nmh. --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
