Bug 53822

Summary:	gentoo prefers mit-krb5, which is US crypto
Product:	Gentoo Linux	Reporter:	mj
Component:	New packages	Assignee:	Robin Johnson <robbat2>
Status:	RESOLVED WONTFIX
Severity:	blocker
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description mj 2004-06-13 11:26:42 UTC

It is almost impossible to not use mit-krb5, even when heimdal is installed and specified in ebuilds. MIT-krb5 is US crypto, and as such is not suitable as a default crypto package for a linux distribution. Especially since heimdal has an almost identical API, and packages which compile against mit-krb5 usually also compile against heimdal.

Reproducible: Always
Steps to Reproduce:
1. put kerberos in make.conf USE flag
2. emerge -vp openldap
3.

Actual Results:  
I had heimdal installed already and openldap and cyrus-sasl ebuilds are
hardcoded to use mit-krb5.

Expected Results:  
It should have detected that I already have heimdal kerberos installed, and not
try to install mit-krb5 (and thus remove heimdal).

Comment 1 James Kyte 2004-06-13 21:59:10 UTC

The mit-krb5 dependency has been changed to virtuals/krb5 in openldap ebuilds >=2.1.27. Either wait for it to be unmasked or add it to /etc/portage/package.keywords.

Comment 2 Robin Johnson archtester

2004-06-14 01:41:58 UTC

the problem is 'almost identical API'.
earlier than openldap-2.1.27 doesn't build against heimdal, the last time I checked at least (quite a while ago).

if you'd like to go thru _every_ ebuild that currently lists mit-krb5, and check that it complies against heimdal and works properly, and leave a list of those ebuilds here, I will change them to virtuals/krb5 for you.

I live outside the US. Provided that it works, and it is reasonably secure, I'm not really concerned about crazy crypto laws.

Comment 3 Robin Johnson archtester

2004-08-30 12:43:52 UTC

no response from poster.