[Bug 1450] Support for ConsoleKit on Linux through dbus calls

Tue Mar 25 13:03:04 EST 2008

https://bugzilla.mindrot.org/show_bug.cgi?id=1450

--- Comment #4 from Damien Miller <djm at mindrot.org>  2008-03-25 13:03:01 ---
I don't like this patch, for the following reasons.

On the patch itself, it seems like a really bad approach:

* We already have a working policy mechanism for OpenSSH in the form of
sshd_config Match blocks. Adding another is confusing and potentially
dangerous.

* Likewise, why duplicate utmp/wtmp? We are going to have to maintain
this in perpetuity anyway so why add a parallel mechanism? (to every
system process that handles logins!)

* Alerting an administrator that there are still logged in users can
easily be done by checking utmp/wtmp, so this patch doesn't provide a
clear benefit there either.

* That a simple registration mechanism requires >250 lines of new code
is a sure sign that the API is either horrendously overengineered or
insufficiently abstracted.

* If something like this is required, wouldn't it make more sense to
build it into a small helper program (e.g. something like utempter) so
every daemon could use it? (We'd be interested in patches to make sshd
use utempter BTW)

On dependencies: 

* I'm not familiar with the AFPL, it looks like a copyleft licence but
I can't be certain because it is long, impenetrable legalese. (Why do
people insist on creating strange new licenses when we have BSD, Apache
and L/GPL?) I'd be much more comfortable if the client libraries that
this linked against were unambiguously permissive - I don't want
OpenSSH assuming some frankenlicense depending on which --enable-
options were selected at configure time.

* I'm also worried about libraries that are transitive dependencies.
How much will this bloat sshd? (we do care how many shared libraries we
link against).

* Are any GPL/LGPL libraries in the transitive dependency set? We won't
link against GPL and will avoid LGPL that too unless there was some
critical reason, i.e. "won't work on a platform without it".

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.