Re: [Nmh-workers] Big patch: Add XOAUTH2 support for SMTP and POP

[Ken Hornstein]

>While I appreciate the effort put in to this work, I don't think the
>above statement is justification for putting this code into nmh when it
>really does belong in the external SASL provider libraries.
>
>Eric, have you approached the Cyrus people to see if they will accept
>the code?  I can't think of any reason why they wouldn't.

I looked on the SASL mailing lists; it's not clear to me who's
responsible for developing Cyrus SASL anymore, but there hasn't been a
release in 3 years (okay, my bad; there was a stealth 2.1.26 that was
released in 2012.  So, two years?).  There was someone working on OAUTH
for it here:

  http://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2014-May/002726.html

But ... the overall impression I get is that Cyrus-SASL is kind of
languishing.  Also, from what I've seen at the first glance of Eric's code,
putting it into Cyrus-SASL is going to require some significant work
since there's extra stuff you need to do to before you login that doesn't
quite jibe with the SASL library implementation.

>The potential for code conflict here is pretty high.  What happens when
>the Cyrus SASL library grows its own OAUTH capabilities?  Most likely we
>would just end up ripping this code out again.  It would be much better
>if the OAUTH code was incorporated in the correct place to begin with
>(i.e. Cyrus).

Sigh.  I understand where you're coming from ... but I'll be honest.  My
dealings with the Cyrus SASL people haven't always been positive (okay,
that was a while ago, but still ... they're not so open).  My glance at
Eric's code is that it is reasonable (but I still need to look more closely);
if the choice is wait for someone to put this in Cyrus-SASL, or cram Eric's
code into nmh, well, I'm 100% voting for taking Eric's code into nmh.

--Ken