[Bug 1450] Support for ConsoleKit on Linux through dbus calls
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 25 13:03:04 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1450
--- Comment #4 from Damien Miller <djm at mindrot.org> 2008-03-25 13:03:01 ---
I don't like this patch, for the following reasons.
On the patch itself, it seems like a really bad approach:
* We already have a working policy mechanism for OpenSSH in the form of
sshd_config Match blocks. Adding another is confusing and potentially
dangerous.
* Likewise, why duplicate utmp/wtmp? We are going to have to maintain
this in perpetuity anyway so why add a parallel mechanism? (to every
system process that handles logins!)
* Alerting an administrator that there are still logged in users can
easily be done by checking utmp/wtmp, so this patch doesn't provide a
clear benefit there either.
* That a simple registration mechanism requires >250 lines of new code
is a sure sign that the API is either horrendously overengineered or
insufficiently abstracted.
* If something like this is required, wouldn't it make more sense to
build it into a small helper program (e.g. something like utempter) so
every daemon could use it? (We'd be interested in patches to make sshd
use utempter BTW)
On dependencies:
* I'm not familiar with the AFPL, it looks like a copyleft licence but
I can't be certain because it is long, impenetrable legalese. (Why do
people insist on creating strange new licenses when we have BSD, Apache
and L/GPL?) I'd be much more comfortable if the client libraries that
this linked against were unambiguously permissive - I don't want
OpenSSH assuming some frankenlicense depending on which --enable-
options were selected at configure time.
* I'm also worried about libraries that are transitive dependencies.
How much will this bloat sshd? (we do care how many shared libraries we
link against).
* Are any GPL/LGPL libraries in the transitive dependency set? We won't
link against GPL and will avoid LGPL that too unless there was some
critical reason, i.e. "won't work on a platform without it".
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list