On Fri, Oct 29 2021, Alejandro Colomar (man-pages) wrote: > [Add a few CCs, since I mentioned them.] [I'm not sure what the full context of this thread is, but just replying from the POV of git@ being CC'd on this] > On 10/29/21 13:15, Alejandro Colomar wrote: >> Hi, >> As the manual pages says, SUSv2 marked it as LEGACY, and POSIX >> doesn't have it at all. The manual page goes further and says "This >> function is obsolete. Do not use it." in its first lines. >> But, glibc doesn't seem to have deprecated this function at all. >> And it seems to be the most portable way to get a password, even if >> it's not in POSIX. >> BSDs have readpassphrase(3), but glibc doesn't, so unless you >> recommend > > OpenBSD also marks getpass(3) as obsolete and recommends readpassphrase(3): > <https://man.openbsd.org/getpass> Simply not being familiar with that case: Is that suggestive of getpass(3) being bad to use in general, or a case where OpenBSD's deprecation of it makes sense holistically on that OS, but not necessarily elsewhere? Just skimming the linked man pages it looks like OpenBSD might have deprecated it at least partly due to getpass() accepting a password on stdin. Even within OpenBSD I wonder what that case means for software such as git. I.e. is it better to be portable and accept the same behavior on OpenBSD as elsewhere, or conform more closely to platform-specific conventions. I haven't looked closely out our getpass() integration, maybe that's a moot point either way. >> using readpassphrase(3) from libbsd, or plan to add it to glibc, I >> think getpass(3) should be the recommended function in Linux, and >> therefore we should remove the hard words against it. >> As a real example, git(1) uses getpass(3). >> <https://github.com/git/git/blob/master/compat/terminal.c> >> What are your thoughts? >> Thanks, >> Alex >> Just while we've got some OpenBSD people CC'd (added the devel/git maintainers). I occasionally test git on OpenBSD myself (on the GCC farm), and we've got a few broken tests on the platform. Looking at the ports source there's at least a couple of OpenBSD portability patches in there that would make sense to upstream. So if that's easy for you or you're willing to submit them upstream we'd be happy to take them. Usually the only reason we haven't fixed things like that already is because nobody told us, and we're not actively looking into the local patches local packagers apply.
