On Fri, Mar 18, 2005 at 09:47:46AM +0100, Kaare Hviid wrote: > I'm sorry I didn't notice this earlier. One of the "non-standard > services" using Kerberos 4, is old legacy mail servers, in particular > at universities, which is probably why Ximian put it in Evolution in > the first place. I really can't see why plain text authentication > over the wire (which it _does_ support) is to be preferred over > Kerberos 4 authentication. I do, however, see other reasons as to why > it would be good to get rid of Kerberos 4 in Debian, but I'm not going > to discuss that here.
It is to be preferred because krb4 has inherent flaws that make it little better than plaintext authentication. Krb4 should only be enabled in response to specific user demand for compatibility; AFAICT, it was enabled in evolution only as a result of an accident of the build environment. > Now, heimdal-dev will automatically bring in kerberos4kth-dev - by > adding a Build-Conflicts against kerberos4kth-dev you are effectively > forbidding linking against Heimdal Kerberos 5. I don't know the > specific reasons as to why heimdal-dev brings in kerberos4kth-dev - the > maintainers probably have good reasons for this. However, the package could build-depend on libkrb5-dev instead. Or, it could drop the build-conflict and build-depend on heimdal-dev, but be fixed to not enable support for the deprecated, never-standardized krb4 POP protocol. > diff -Naur evolution-2.0.4/debian/control evolution-2.0.4.fixed/debian/control > --- evolution-2.0.4/debian/control 2005-03-18 08:53:28.484408588 +0100 > +++ evolution-2.0.4.fixed/debian/control 2005-03-18 08:53:02.945960213 > +0100 > @@ -2,8 +2,8 @@ > Section: gnome > Priority: optional > Maintainer: Takuo KITAME <[EMAIL PROTECTED]> > -Build-Depends: bison, intltool (>= 0.28-2), debhelper (>= 4.2.21), > libgal2.2-dev (>= 2.2.5), gtkhtml3.2 (>= 3.2.5), libgtkhtml3.2-dev (>= > 3.2.5), libbonoboui2-dev (>= 2.4.2), libldap2-dev (>= 2.0.23), libgnome2-dev > (>= 2.6), libnss-dev (>= 2:1.7), scrollkeeper, psmisc, libsoup2.2-dev (>= > 2.2.1-1), libpam-dev, gnome-common, autotools-dev (>= 20030717.1), > libgnome-pilot2-dev, evolution-data-server-dev (>= 1.0.4), automake1.7, > libgail-dev (>= 1.4.1), libcompfaceg1-dev, gnome-icon-theme (>= 1.2.0), cdbs, > libdb4.2-dev > -Build-Conflicts: evolution-data-server (<< 1.0.0), evolution1.5, > kerberos4kth-dev > +Build-Depends: bison, intltool (>= 0.28-2), debhelper (>= 4.2.21), > libgal2.2-dev (>= 2.2.5), gtkhtml3.2 (>= 3.2.5), libgtkhtml3.2-dev (>= > 3.2.5), libbonoboui2-dev (>= 2.4.2), libldap2-dev (>= 2.0.23), libgnome2-dev > (>= 2.6), libnss-dev (>= 2:1.7), scrollkeeper, psmisc, libsoup2.2-dev (>= > 2.2.1-1), libpam-dev, gnome-common, autotools-dev (>= 20030717.1), > libgnome-pilot2-dev, evolution-data-server-dev (>= 1.0.4), automake1.7, > libgail-dev (>= 1.4.1), libcompfaceg1-dev, gnome-icon-theme (>= 1.2.0), cdbs, > libdb4.2-dev, heimdal-dev > +Build-Conflicts: evolution-data-server (<< 1.0.0), evolution1.5 > Standards-Version: 3.6.1.0 > > Package: evolution > diff -Naur evolution-2.0.4/debian/rules evolution-2.0.4.fixed/debian/rules > --- evolution-2.0.4/debian/rules 2005-03-18 08:53:28.484408588 +0100 > +++ evolution-2.0.4.fixed/debian/rules 2005-03-18 08:52:16.595221181 > +0100 > @@ -33,7 +33,7 @@ > --without-openssl-libs \ > --disable-gtk-doc \ > --enable-pilot-conduits \ > - --with-krb4=/usr \ > + --without-krb4 \ > --with-krb5=/usr \ > --enable-ipv6 \ > --disable-openssl \ That would be a reasonable fix, IMHO. Cheers, -- Steve Langasek postmodern programmer
signature.asc
Description: Digital signature
