[asterisk-dev] SHA1 and MD5 code?

Tilghman Lesher tilghman at meg.abyt.es
Fri Oct 14 09:01:49 CDT 2011


On Fri, Oct 14, 2011 at 8:19 AM, Russell Bryant
<russell at russellbryant.net> wrote:
> On Fri, Oct 14, 2011 at 1:18 AM, Tilghman Lesher <tilghman at meg.abyt.es> wrote:
>> On Thu, Oct 13, 2011 at 6:29 PM, Jeffrey Ollie <jeff at ocjtech.us> wrote:
>>> On Thu, Oct 13, 2011 at 3:45 PM, Tilghman Lesher <tilghman at meg.abyt.es> wrote:
>>>>
>>>> An extra dependency is an extra dependency.  We've tried to limit the number
>>>> of dependencies that Asterisk has.
>>>
>>> I hate to have to break it to you, but if you're talking about
>>> optional dependencies you've utterly failed.  The Fedora Asterisk
>>> package pulls in around ~50 packages explicitly, and who knows how
>>> many other packages implicitly.
>>
>> Did I miss something?  Last I checked, this was not a Fedora list.  What
>> package maintainers do is routinely quite a bit different from what source
>> maintainers do.  If people ask for support, the first thing that we ask of them
>> is to either install the packages we built or build an unadulterated tarball
>> from the Asterisk download server.
>
> Tilghman, your attitude sucks, and certainly doesn't represent that of
> "we" if you mean the Asterisk developers at large when you said "we".
> How do people install virtually everything they use on their Linux
> systems?  From a package.  Why would you be a jerk to the people that
> work to help make your software easier to install and maintain?

I apologize; I meant Digium support.  Neither you nor I are part of that
company, now, so if somebody from Digium support would like to comment on
whether or not that policy is still part of the playbook, I'm sure that would
clarify.

>>> I have no idea what the absolute minimum requirements are - it's not
>>> really a use case I'm personally interested in.
>>
>> Those of us who have worked for resellers either in the past or in the present
>> like to load as few modules as possible for production use.  The less code in
>> the runtime, the less that can go wrong.
>
> Sure, but for the package, obviously it makes sense to build as much
> as possible.

If you're building a monolithic package, yes.  Packages in some systems
are built to allow a minimal installation, with lots of optional packages
representing other functionality.  This limits the number of dependencies
necessary to install the core system.  As an example, FreeBSD does this
with PHP.

>>>> Now, something that could be done that
>>>> would be welcome would be to detect whether the OpenSSL library was
>>>> available; if it was, we would use it and remove the MD5/SHA1 code from the
>>>> link step.  Debian contributed a patch that does this similarly with the libgsm
>>>> code.
>>>
>>> Schemes like this always strike me as a hack, plus you increase the
>>> amount of testing that you need to do because certain tests need to be
>>> run twice, once with OpenSSL linked in and once without.
>>
>> Well, that's also true of plenty of other modules.  App_voicemail is a prime
>> example, as it needs to be compiled once with file support, once with ODBC
>> support, and once with IMAP support.
>
> app_voicemail is an even worse hack.  Examples of a worse hack don't
> make the previous hack any better.

Fair enough.  The alternative, though, would be not to allow Debian's change
into the source repository, since not all operating systems package libgsm.
The few solid dependencies we do have are packages (like ncurses) where it
would be difficult to inline the code because the platforms are divergent
(Linux, Solaris, Mac OS X, *BSD).

>>> BTW, it'd be nice to eliminate libedit from main/editline as well.
>>
>> If you can find a library with equivalent functionality that is compatible
>> with the licensing scheme of Asterisk, we're all ears.  Note that
>> libreadline is GPL and is thus incompatible with the dual licensing of
>> Asterisk.
>
> I think the point here was to simply rely on the system packaged
> version of libedit.  I believe it's in Fedora, Debian, Ubuntu, but I
> haven't gone and looked this minute beyond Fedora.

How about Slackware, Solaris, Mac OS X?  Asterisk goes far beyond
being just a Linux-only package.

-Tilghman


