Hi Bálint, On 3/12/23 16:38, Bálint Réczey wrote: >> 142 lines of a function definition are not something I'd consider easy to >> maintain. Is it a big deal to add another dependency? I'd say it's a >> bigger deal to copy verbatim so many lines of code, and sync them from >> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they >> apply. That's exactly the purpose of libbsd, so I think relying on them >> should be fine. > > The function does not change often. It changed two times in the last 13 years: > https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c > > I'd be happy to add a GitHub Action job or an autopkgtest in Debian to > check if shadow's local copy needs an update. > > Depending on libbsd would pull the library into every single docker > container image increasing their size and would make libbsd part of > the pseudo-essential set, thus I prefer not depending on it for a few > lines of code.
libbsd0 is only ~ 200 kB (installed size). That should be insignificant compared to a Debian docker image, or even to the shadow packages. libsubid4 is ~ 300 kB uidmap is ~ 300 kB login is ~ 2.6 MB passwd is ~ 2.8 kB And the unstable-slim Debian Docker image is around 28 MB (compressed size). Moreover, having this libbsd part of the pseudo-essential set would allow many other packages to rely on it, thus deduplicating the copies that some projects currently do to avoid depending on it, so the total distribution size could even shrink in the long term. Cheers, Alex -- <http://www.alejandro-colomar.es/> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Pkg-shadow-devel mailing list Pkg-shadow-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
