Re: [PATCH 0/4] Some improvements for git-imap-send

On Tue, Feb 9, 2010 at 5:57 PM, Jeff King <peff@xxxxxxxx> wrote:
> On Tue, Feb 09, 2010 at 04:13:26PM +0100, Erik Faye-Lund wrote:
>
>> On Tue, Feb 9, 2010 at 4:06 PM, Jeff King <peff@xxxxxxxx> wrote:
>> > On Tue, Feb 09, 2010 at 09:09:01PM +0900, Hitoshi Mitake wrote:
>> >
>> >>  base64.c                        |  122 ++++++++
>> >>  base64.h                        |   36 +++
>> >>  md5.c                           |  600 +++++++++++++++++++++++++++++++++++++++
>> >>  md5.h                           |   61 ++++
>> >>  md5_hmac.c                      |  137 +++++++++
>> >>  md5_hmac.h                      |   36 +++
>> >
>> > That's a lot of extra code. Doesn't imap-send already conditionally
>> > compile against openssl for starttls support? Can't we just get all
>> > three of these algorithms from openssl?
>> >
>>
>> I don't think OpenSSL includes SASL-support that is needed for
>> STARTTLS. But it might make sense to use something like GSASL[1]
>> instead of rolling all the SASL-mechanisms ourselves.
>
> Did you mean "SASL-support that is needed for CRAM-MD5"? The SASL needed
> for that is pretty simple. Hitoshi's patch 3/4 does all of that already
> in less than 100 lines.  Using a "real" sasl library might get us more
> authentication methods than CRAM-MD5, but I don't know that anyone
> necessarily cares about them.
>

No, that's not what I meant. I agree that CRAM-MD5 should be
sufficient, but to be honest I'd already thought that once you have an
SSL connection, plaintext would also be sufficient. So I'm thinking of
this addition as a "hmpf, some server requires stuff that is really
over the top - perhaps we'll have this problem later with other
servers, and we'd be better off just using some well-tested
implementation". But that's kinda philosophical.

> But using openssl to replace the low-level routines in patches 1+2 would
> drop almost 1000 lines, and not significantly change his 3/4.
>
> Personally, I don't care either way about using a SASL library. It's an
> extra dependency, but one that is optional for this feature. But
> somebody will have to do the work to integrate it, whereas I think using
> openssl is only a few lines of change. If somebody wants to do that
> work, then great.
>

I agree.


-- 
Erik "kusma" Faye-Lund
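
An added example, not part of this thread or of Hitoshi's patches: the CRAM-MD5 exchange discussed above, built only from library-provided base64, MD5 and HMAC, with Python's standard library standing in for OpenSSL. The function names and the `lookup_password` callback are hypothetical; the sample user, secret and challenge are the ones from the example in RFC 2195.

```python
import base64
import binascii
import hashlib
import hmac

# Sample values from the example in RFC 2195 (not from this thread).
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"


def _hexdigest(secret: str, challenge: bytes) -> str:
    # HMAC-MD5 keyed with the shared secret over the raw (decoded) challenge.
    return hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()


def cram_md5_response(user: str, secret: str, challenge_b64: str) -> str:
    """Client side: answer the server's "+ <base64 challenge>" line."""
    try:
        challenge = base64.b64decode(challenge_b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("challenge is not valid base64") from exc
    reply = f"{user} {_hexdigest(secret, challenge)}"
    return base64.b64encode(reply.encode()).decode("ascii")


def verify_cram_md5(response_b64: str, challenge_b64: str, lookup_password) -> bool:
    """Server side: recompute the digest and compare in constant time.

    lookup_password(user) returns the shared secret or None. The server needs
    the secret itself (or an equivalent HMAC state), not a one-way hash of it.
    """
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        challenge = base64.b64decode(challenge_b64, validate=True)
    except (binascii.Error, UnicodeDecodeError):
        return False
    # The digest is the last space-separated field; the user name may contain spaces.
    user, _, digest = decoded.rpartition(" ")
    secret = lookup_password(user)
    if secret is None:
        return False
    expected = _hexdigest(secret, challenge)
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    print(cram_md5_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE_B64))
```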