From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <deraadt@openbsd.org>
Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3])
 by sourceware.org (Postfix) with ESMTP id ED7463858408
 for <libc-alpha@sourceware.org>; Fri, 29 Oct 2021 14:21:19 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org ED7463858408
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=openbsd.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=openbsd.org
Received: from cvs.openbsd.org (localhost [127.0.0.1])
 by cvs.openbsd.org (OpenSMTPD) with ESMTP id a4d3deee;
 Fri, 29 Oct 2021 08:21:18 -0600 (MDT)
From: "Theo de Raadt" <deraadt@openbsd.org>
To: rsbecker@nexbridge.com
cc: "'Alejandro Colomar \(man-pages\)'" <alx.manpages@gmail.com>,
 "'Libc-alpha'" <libc-alpha@sourceware.org>,
 "'linux-man'" <linux-man@vger.kernel.org>, git@vger.kernel.org,
 tech@openbsd.org
Subject: Re: Is getpass(3) really obsolete?
In-reply-to: <00e401d7cccf$ccde0d40$669a27c0$@nexbridge.com>
References: <a0371f24-d8d3-07d9-83a3-00a4bf22c0f5@gmail.com>
 <73ac38a2-c287-4cc1-4e9c-0f9766ac4c0c@gmail.com>
 <00d501d7ccbe$0169c340$043d49c0$@nexbridge.com>
 <63238.1635515736@cvs.openbsd.org>
 <00e401d7cccf$ccde0d40$669a27c0$@nexbridge.com>
Comments: In-reply-to <rsbecker@nexbridge.com>
 message dated "Fri, 29 Oct 2021 10:18:04 -0400."
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <4441.1635517278.1@cvs.openbsd.org>
Date: Fri, 29 Oct 2021 08:21:18 -0600
Message-ID: <73029.1635517278@cvs.openbsd.org>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
 SPF_HELO_PASS, SPF_PASS autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Oct 2021 14:21:21 -0000

<rsbecker@nexbridge.com> wrote:

> > > getpass() is obsolete in POSIX.2. However, some platforms still are on
> POSIX.1,
> > so replacing it instead of providing a configure detection/switch for it
> might
> > cause issues.
> > 
> > 
> > The community finally had the balls to get rid of gets(3).
> > 
> > getpass(3) shares the same flaw, that the buffer size isn't passed.
> > This has been an issue in the past, and incorrectly led to
> readpassphrase(3)
> > 
> > readpassphrase(3) has a few too many features/extensions for my taste, but
> at
> > least it is harder to abuse.
> 
> readpassphrase is not generally supported. This will break builds on many
> platforms.

Of course moving forward takes a long time.  If a better API is supplied
then there is a choice in 10 years.  If a better API is not supplied,
then 10 years from now this conversation can get a reply.