[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config
Alejandro Colomar
alx.manpages at gmail.com
Sun Mar 12 15:52:34 GMT 2023
Hi Bálint,
On 3/12/23 16:38, Bálint Réczey wrote:
>> 142 lines of a function definition are not something I'd consider easy to
>> maintain. Is it a big deal to add another dependency? I'd say it's a
>> bigger deal to copy verbatim so many lines of code, and sync them from
>> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they
>> apply. That's exactly the purpose of libbsd, so I think relying on them
>> should be fine.
>
> The function does not change often. It changed two times in the last 13 years:
> https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c
>
> I'd be happy to add a GitHub Action job or an autopkgtest in Debian to
> check if shadow's local copy needs an update.
>
> Depending on libbsd would pull the library into every single docker
> container image increasing their size and would make libbsd part of
> the pseudo-essential set, thus I prefer not depending on it for a few
> lines of code.
libbsd0 is only ~ 200 kB (installed size). That should be
insignificant compared to a Debian docker image, or even to the
shadow packages.
libsubid4 is ~ 300 kB
uidmap is ~ 300 kB
login is ~ 2.6 MB
passwd is ~ 2.8 kB
And the unstable-slim Debian Docker image is around 28 MB
(compressed size).
Moreover, having this libbsd part of the pseudo-essential set would
allow many other packages to rely on it, thus deduplicating the
copies that some projects currently do to avoid depending on it,
so the total distribution size could even shrink in the long term.
Cheers,
Alex
--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20230312/0e144532/attachment.sig>
More information about the Pkg-shadow-devel
mailing list