Deleting parameters.

Andrew Tridgell tridge at
Sat Nov 10 16:35:02 GMT 2001

> Of course I'm sure tridge will disagree with this.... :-) :-).

yes, I disagree. There are some parameters that are just too evil to
live. A good example is the old krb4 and krb5 configure
parameters. They should be removed because:

1) they required compile time changes, which very few people do

2) they only work with plaintext passwords on the wire, which means
   they need client hacks

3) they are completely superceded by our new kerberos code

Same goes for the SSL support code. It is a nasty, gross hack that
makes our code harder to maintain.

What you forget about in your view on keeping parameters is that there
is a tradeoff between keeping old parameters and keeping the code
maintained. Leaving in code that nobody actively maintains and that
makes the code less maintainable increases the number of bugs for
*everyone*, whereas keeping the parameter helps maybe one person who
happens to use that parameter. We do not have the resources to
maintain such patches when so few people use them. If someone pops up
and (credibly) says that they will maintain and *test* the patch then
fine, we can keep it, but if there is nobody who will do that then we
must drop it.

Having a badly maintained security option is *much worse* than not
having it at all.

Andrew and I will be removing some of these unmaintained options from
the head branch. If you want to put them back in, then fine, but
please don't do so unless you can guarantee they will be maintained. I
know you don't have the time to do it yourself, so you'll have to find
someone willing to do it. If you can't then don't add it back in.

Cheers, Tridge

More information about the samba-technical mailing list