Anyone packaged python-ldap as part of a bigger package ?
Jens Vagelpohl
jens at dataflake.org
Mon Apr 6 16:28:59 CEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Apr 6, 2009, at 16:21 , Michael Ströder wrote:
> Jens Vagelpohl wrote:
>> For the customers' needs it's perfectly fine to just go with an older
>> version of python- ldap.
>
> As long as there aren't any security holes in older versions of
> python-ldap and/or libldap. Nobody will fix them.
I know all that. Think of a server that's on the LAN and not on the
internet. No security issues expected, and there is no expectation
that the old library will be secure. So really no worries whatsoever
from that side.
>> Sometimes I've had to resort to building OpenLDAP separately, just to
>> use python-ldap, and just because I wanted to use the python-ldap egg
>> and the only eggs available are 2.3.x. Seems a bit silly, don't you
>> think?
>
> No, personally I don't think so. Given that even OpenLDAP 2.3 is
> almost
> out-of-service it's wiser to go with a more recent version.
If you're maintaining older systems that have worked very well in the
past and that don't have any benefit from later security/functionality
enhancements (e.g. they don't need to be secured) then it becomes
counterproductive to ask the customer to upgrade. Especially when
there's no need to upgrade apart from "then I will have an easier time
installing python-ldap".
> Hmm, will think about it. If someone has a urgent need I could provide
> older releases.
That's not the issue, though :-) I know I can find them through
Google, or by asking you. I'm only asking for an *easy* way of getting
them that integrates well with automated buildouts - like eggs in a
sane place such as PyPI.
jens
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAknaEasACgkQRAx5nvEhZLJpcQCfYSswi8mSKsL3yZ15cnCajUQb
LJQAn2KYt4OPUGh1Ihx3y9FgvfFNlbD7
=flwK
-----END PGP SIGNATURE-----
More information about the python-ldap
mailing list