Package: courier-authlib
Hi,
For some reason there exists an expect script in
/usr/lib/courier/courier-authlib/authsystem.passwd
which seems to be calling passwd(1),
which causes courier-authlib to depend on expect(1),
which in turn has a bunch of other dependencies,
which in turn gets installed on all systems where users want packages
that happen to depend on courier-authlib (regardless of whether those
users actually use the authlib's facilities)
In my case, the latter is maildrop, which honestly I have no idea whatsoever
how it could ever come into a situation where it would want the
authentication subsystem to invoke a user password change.
In fact I'm pretty sure someone would slap us with a critical security bug
if it ever came to pass that a mail filtering utility was even attempting
to manipulate the password of a user for whom it was filtering mail.
And they would not be wrong, because that scenario sounds like an
abomination. I sincerely hope it is not practically possible.
Please separate this functionality from the library package into a separate
package, which can then depend on and invoke whatever it needs.
TIA.
--
2. That which causes joy or happiness.
