Control: -1 tags +wontfix

Hello Josip,

On 6/4/18 2:16 PM, Josip Rodin wrote:
> For some reason there exists an expect script in
> /usr/lib/courier/courier-authlib/authsystem.passwd
> which seems to be calling passwd(1),
> which causes courier-authlib to depend on expect(1),
> which in turn has a bunch of other dependencies,
> which in turn gets installed on all systems where users want packages
> that happen to depend on courier-authlib (regardless of whether those
> users actually use the authlib's facilities)

The authlib library itself actually provides means to change passwords,
using expect in case you're using system accounts (as opposed to some
database for example).

The recommendation to install expect therefore seems entirely justified.
It's not like you cannot remove it or ignore the recommendation.

> In my case, the latter is maildrop, which honestly I have no idea whatsoever
> how it could ever come into a situation where it would want the
> authentication subsystem to invoke a user password change.

Ugh.. how else would you change the password, if not via the
authentication subsystem?

> In fact I'm pretty sure someone would slap us with a critical security bug
> if it ever came to pass that a mail filtering utility was even attempting
> to manipulate the password of a user for whom it was filtering mail.

I agree here.

> Please separate this functionality from the library package into a separate
> package, which can then depend on and invoke whatever it needs.

I fear that's not possible, as it would mean splitting the library
itself.  Please speak up if you have ideas or wishes on what the
packaging could do to improve your use case.  Otherwise, I'll close this
issue.

Kind Regards

Markus Wanner
