Anyone packaged python-ldap as part of a bigger package ?

[Jens Vagelpohl]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Apr 6, 2009, at 16:21 , Michael Ströder wrote:

> Jens Vagelpohl wrote:
>> For the customers' needs it's perfectly fine to just go with an older
>> version of python- ldap.
>
> As long as there aren't any security holes in older versions of
> python-ldap and/or libldap. Nobody will fix them.

I know all that. Think of a server that's on the LAN and not on the  
internet. No security issues expected, and there is no expectation  
that the old library will be secure. So really no worries whatsoever  
from that side.


>> Sometimes I've had to resort to building OpenLDAP separately, just to
>> use python-ldap, and just because I wanted to use the python-ldap egg
>> and the only eggs available are 2.3.x. Seems a bit silly, don't you
>> think?
>
> No, personally I don't think so. Given that even OpenLDAP 2.3 is  
> almost
> out-of-service it's wiser to go with a more recent version.

If you're maintaining older systems that have worked very well in the  
past and that don't have any benefit from later security/functionality  
enhancements (e.g. they don't need to be secured) then it becomes  
counterproductive to ask the customer to upgrade. Especially when  
there's no need to upgrade apart from "then I will have an easier time  
installing python-ldap".


> Hmm, will think about it. If someone has a urgent need I could provide
> older releases.

That's not the issue, though :-)  I know I can find them through  
Google, or by asking you. I'm only asking for an *easy* way of getting  
them that integrates well with automated buildouts - like eggs in a  
sane place such as PyPI.

jens


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAknaEasACgkQRAx5nvEhZLJpcQCfYSswi8mSKsL3yZ15cnCajUQb
LJQAn2KYt4OPUGh1Ihx3y9FgvfFNlbD7
=flwK
-----END PGP SIGNATURE-----