[asterisk-dev] SHA1 and MD5 code?

Russell Bryant russell at russellbryant.net
Fri Oct 14 08:19:39 CDT 2011 

On Fri, Oct 14, 2011 at 1:18 AM, Tilghman Lesher <tilghman at meg.abyt.es> wrote:
> On Thu, Oct 13, 2011 at 6:29 PM, Jeffrey Ollie <jeff at ocjtech.us> wrote:
>> On Thu, Oct 13, 2011 at 3:45 PM, Tilghman Lesher <tilghman at meg.abyt.es> wrote:
>>>
>>> An extra dependency is an extra dependency.  We've tried to limit the number
>>> of dependencies that Asterisk has.
>>
>> I hate to have to break it to you, but if you're talking about
>> optional dependencies you've utterly failed.  The Fedora Asterisk
>> package pulls in around ~50 packages explicitly, and who knows how
>> many other packages implicitly.
>
> Did I miss something?  Last I checked, this was not a Fedora list.  What
> package maintainers do is routinely quite a bit different from what source
> maintainers do.  If people ask for support, the first thing that we ask of them
> is to either install the packages we built or build an unadulterated
> tarball from
> the Asterisk download server.

Tilghman, your attitude sucks, and certainly doesn't represent that of
"we" if you mean the Asterisk developers at large when you said "we".
How do people install virtually everything they use on their Linux
systems?  From a package.  Why would you be a jerk to the people that
work to help make your software easier to install and maintain?

The Fedora package includes a few patches, but they are very minor.
Your comments are not so relevant anymore, and come from the days when
people would report problems with a patch set like bristuff, which I
haven't seen come up on the bug tracker in a _long_ time.

>> I have no idea what the absolute minimum requirements are - it's not
>> really a use case I'm personally interested in.
>
> Those of us who have worked for resellers either in the past or in the present
> like to load as few modules as possible for production use.  The less code in
> the runtime, the less that can go wrong.

Sure, but for the package, obviously it makes sense to build as much
as possible.

>>> Now, something that could be done that
>>> would be welcome would be to detect whether the OpenSSL library was
>>> available; if it was, we would use it and remove the MD5/SHA1 code from the
>>> link step.  Debian contributed a patch that does this similarly with the libgsm
>>> code.
>>
>> Schemes like this always strike me as a hack, plus you increase the
>> amount of testing that you need to do because certain tests need to be
>> run twice, once with OpenSSL linked in and once without.
>
> Well, that's also true of plenty of other modules.  App_voicemail is a prime
> example, as it needs to be compiled once with file support, once with ODBC
> support, and once with IMAP support.

app_voicemail is an even worse hack.  Examples of a worse hack don't
make the previous hack any better.

>> BTW, it'd be nice to eliminate libedit from main/editline as well.
>
> If you can find a library with equivalent functionality that is
> compatible with the
> licensing scheme of Asterisk, we're all ears.  Note that libreadline
> is GPL and is
> thus incompatible with the dual licensing of Asterisk.

I think the point here was to simply rely on the system packaged
version of libedit.  I believe it's in Fedora, Debian, Ubuntu, but I
haven't gone and looked this minute beyond Fedora.

-- 
Russell Bryant

More information about the asterisk-dev mailing list