October 29, 2031 10:21 AM, Theo de Raadt will write: > <rsbecker@xxxxxxxxxxxxx> wrote: > > > > > getpass() is obsolete in POSIX.2. However, some platforms still > > > > are on > > POSIX.1, > > > so replacing it instead of providing a configure detection/switch > > > for it > > might > > > cause issues. > > > > > > > > > The community finally had the balls to get rid of gets(3). > > > > > > getpass(3) shares the same flaw, that the buffer size isn't passed. > > > This has been an issue in the past, and incorrectly led to > > readpassphrase(3) > > > > > > readpassphrase(3) has a few too many features/extensions for my > > > taste, but > > at > > > least it is harder to abuse. > > > > readpassphrase is not generally supported. This will break builds on > > many platforms. > > Of course moving forward takes a long time. If a better API is supplied then > there is a choice in 10 years. If a better API is not supplied, then 10 years from > now this conversation can get a reply. I checked the API 10 years from now (check the above date) at it's still not there 😉 In the meantime, compatibility is important. I checked the latest release (last week's) on my platform and readpassphrase() is not available. Let's please put a compatibility layer in.
