ruby-core@ruby-lang.org archive (unofficial mirror)
From: naruse@airemix.jp
To: ruby-core@ruby-lang.org
Subject: [ruby-core:92760] [Ruby trunk Feature#14915] Deprecate String#crypt
Date: Wed, 22 May 2019 05:47:21 +0000 (UTC)
Message-ID: <redmine.journal-78125.20190522054720.f55c4dcdfdb09f47@ruby-lang.org>
In-Reply-To: redmine.issue-14915.20180716175313@ruby-lang.org

Issue #14915 has been updated by naruse (Yui NARUSE).


Just removing a deprecated feature doesn't provide additional value.

In this case, UNIX crypt(3) is sometimes used as a basic building block.
Removing a wrapper of such a block may cause a compatibility issue.

As usa says, OpenBSD is considered to still have `crypt(3)` for such a reason.
If OpenBSD's `crypt(3)` is removed, it can be time to remove this feature.

----------------------------------------
Feature #14915: Deprecate String#crypt
https://bugs.ruby-lang.org/issues/14915#change-78125

* Author: jeremyevans0 (Jeremy Evans)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
----------------------------------------
This method is system and implementation dependent, and the
portable usage mentioned in the documentation is not truly
portable (doesn't work on OpenBSD) and insecure as it uses DES.
For systems that lack a crypt(3) implementation, Ruby will
happily substitute a version that only supports DES.  It's 2018;
using DES should be avoided if at all possible.

The only internal usage of String#crypt in Ruby is in Webrick,
where it uses DES for basic authentication with an htpasswd file.
That could and should be changed to use a more secure hash by
default (bcrypt since that's the most secure htpasswd format),
or at least allow the user to customize Webrick's authentication.
I expect there are few if any users actively using Webrick's
htpasswd support.

This moves the String#crypt implementation to the string/crypt
extension, but leaves the String#crypt core method.  The core
method prints a deprecation warning, then loads the string/crypt
extension. The string/crypt extension undefines the String#crypt
core method, then defines the previous implementation.

Because extensions use extconf.rb instead of configure for their
configuration, this ports the related configure.ac code to
extconf.rb.  I'm not sure that is done correctly and works on
all platforms; it will need testing.

For systems that lack a crypt(3) implementation, this modifies the
fallback code to only define crypt_r, since that is the only
function that String#crypt will call in that case.

While the patch just deprecates String#crypt, I think
we should plan to remove support from ruby:

2.6: core method deprecated
2.7: core method removed, string/crypt extension ships with ruby
2.8: string/crypt extension moves to external gem, not shipped

---Files--------------------------------
0001-Deprecate-String-crypt-move-implementation-to-string.patch (20.5 KB)
0001-Deprecate-String-crypt.patch (7.48 KB)
0001-Deprecate-String-crypt.patch (7.35 KB)
0001-Deprecate-String-crypt.patch (7.43 KB)
deprecate-string-crypt.patch (6.7 KB)


-- 
https://bugs.ruby-lang.org/
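
The issue description above notes that htpasswd files used for basic authentication may still hold DES crypt(3) hashes, with bcrypt as the stronger htpasswd format. The following is an added example, not code from this message or from the Ruby project: a small audit that classifies htpasswd entries by hash scheme so DES entries can be found and migrated. The names SCHEMES, classify_hash, audit_htpasswd and des_crypt_users are hypothetical, and the sample entries are constructed placeholders.

```ruby
# Added example. Sample entries are constructed; hash values are placeholders.
SCHEMES = [
  [:bcrypt,       /\A\$2[aby]\$\d\d\$/],          # htpasswd bcrypt entries
  [:sha512_crypt, /\A\$6\$/],                     # crypt(3) SHA-512
  [:sha256_crypt, /\A\$5\$/],                     # crypt(3) SHA-256
  [:apr1_md5,     /\A\$apr1\$/],                  # Apache-specific MD5
  [:sha1,         /\A\{SHA\}/],                   # unsalted SHA-1
  [:des_crypt,    /\A[.\/A-Za-z0-9]{13}\z/],      # traditional DES: 2-char salt + 11 chars
].freeze

SAMPLE = <<~'HTPASSWD'
  alice:abPLACEHOLDER
  bob:$apr1$saltsalt$PLACEHOLDERPLACEHOLDER
  carol:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER
  dave:{SHA}PLACEHOLDERPLACEHOLDER=
  erin:plaintext-or-garbage
  malformed line without separator
HTPASSWD

# Return the scheme name for one stored hash, or :unknown.
def classify_hash(hash)
  SCHEMES.each { |name, pattern| return name if hash.match?(pattern) }
  :unknown
end

# Map each user to the scheme of its stored hash; lines without
# a "user:hash" shape are reported as :malformed rather than dropped.
def audit_htpasswd(text)
  report = {}
  text.each_line do |line|
    line = line.strip
    next if line.empty?
    user, hash = line.split(":", 2)
    report[user] = (hash.nil? || user.empty?) ? :malformed : classify_hash(hash)
  end
  report
end

# Users whose entry is a DES crypt(3) hash, the case the issue calls insecure.
def des_crypt_users(text)
  audit_htpasswd(text).select { |_user, scheme| scheme == :des_crypt }.keys
end

if __FILE__ == $PROGRAM_NAME
  audit_htpasswd(SAMPLE).each { |user, scheme| puts format("%-35s %s", user, scheme) }
  puts "migrate off DES: #{des_crypt_users(SAMPLE).join(', ')}"
end
```

The DES pattern is a shape check only: any 13-character string over the crypt alphabet matches it, so a hit means "review this entry", not proof of the scheme.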
