Closed rogersm closed 6 years ago
My personal preference is to include the src files to increase portability (a handful of web frameworks I've seen prefer to use a built-in bcrypt over an external library). Anyone else have any thoughts?
I've been a long-time open source developer, so I always tend to err on the side of not bundling dependencies unless you have a good way to keep them updated (like how it works with cargo in Rust, npm in Node, or whatever dependency manager de jour in Go).
That being said, I always bundle Lua when I use it....so there's that. I won't object either way.
I agree with this, but C is the exception in that it isn't afforded the same package management as more modern languages.
Speaking of which, are there any package managers for C? Because I'd push to use one of there is.
I'm pretty sure the vast majority of people just use the distribution package managers when it comes to C programs/libraries. I seem to recall every time someone tries to build a package manager for C similar to the other tools I mentioned, it turns out awful and gets no uptake.
Ok, let's add the three files in the codebase for now. I will also create a tool to set/check the passwords from the operating system so the sysadm can change them from outside the mud.
Currently guildmud is using the old unix crypt(3) function to encrypt user passwords.
Before PR 6 guildmud used the OS crypt, but this required some external linkage and was not supported by some unices. To ensure compilation in as many OS as possibles PR 6 added the crypt code from unix v7 to the guildmud basecode.
The problem is the standard crypt has been broken for more than 10 years and we need to provide something more secure.
Current standard is to deploy bcrypt. My proposal is to deploy bcrypt, but before that I need your opinion:
For review, package can be found here, filename is crypt_blowfish.1.3.tar.gz
Comments?