Hi Bálint,

On 3/12/23 20:22, Bálint Réczey wrote:
> Hi Alejandro,
>
> Alejandro Colomar <alx.manpa...@gmail.com> wrote (on Sun, Mar 12, 2023, 16:52):
>>
>> Hi Bálint,
>>
>> On 3/12/23 16:38, Bálint Réczey wrote:
>>>> 142 lines of a function definition are not something I'd consider easy to
>>>> maintain. Is it a big deal to add another dependency? I'd say it's a
>>>> bigger deal to copy verbatim so many lines of code, and sync them from
>>>> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they
>>>> apply. That's exactly the purpose of libbsd, so I think relying on them
>>>> should be fine.
>>>
>>> The function does not change often. It changed two times in the last 13
>>> years:
>>> https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c
>>>
>>> I'd be happy to add a GitHub Action job or an autopkgtest in Debian to
>>> check if shadow's local copy needs an update.
>>>
>>> Depending on libbsd would pull the library into every single docker
>>> container image increasing their size and would make libbsd part of
>>> the pseudo-essential set, thus I prefer not depending on it for a few
>>> lines of code.
>>
>> libbsd0 is only ~ 200 kB (installed size). That should be
>> insignificant compared to a Debian docker image, or even to the
>> shadow packages.
>>
>> libsubid4 is ~ 300 kB
>> uidmap is ~ 300 kB
>> login is ~ 2.6 MB
>> passwd is ~ 2.8 kB
>>
>> And the unstable-slim Debian Docker image is around 28 MB
>> (compressed size).
>
> Yes, and libsubid4 and uidmap are not present in the docker images.
>
>>
>> Moreover, having this libbsd part of the pseudo-essential set would
>> allow many other packages to rely on it, thus deduplicating the
>> copies that some projects currently do to avoid depending on it,
>> so the total distribution size could even shrink in the long term.
>
> Developers of Debian are expected to be very conservative regarding
> expanding the (pseudo-) essential set:
> https://www.debian.org/doc/debian-policy/ch-binary.html#essential-packages
>
> I value keeping the essential set minimal above providing one more
> shared library for potential reverse dependencies, too.
> I'd like to hear more people's opinion from the shadow project and if
> the project insists on adding the libbsd dependency I will bring the
> topic to debian-devel following the spirit of the Debian Policy
> offering to either carry a copy of readpassphrase.c as a patch in the
> Debian package or adding the libbsd dependency.

I've CCd Guillem to know his opinion too.

IMO, the functionality provided by libbsd is essential; so much that I
think glibc should pick it. However, now that libbsd has it, it's not so
important to add it to glibc, but then libbsd has to have a status similar
to libc. We've fixed many bugs in shadow with the help of libbsd, and I
think many projects would benefit from having it available.

But of course, that needs agreement of libbsd's maintainer (Guillem), and
the debian-devel team. Let's see what they and the shadow maintainers think.

Cheers,

Alex

--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5