Opened 15 months ago

Closed 14 months ago

Last modified 14 months ago

#67974 closed enhancement (fixed)

john-jumbo @1.9.0_2: explain difference between ports "john" and "john-jumbo"

Reported by: JDLH (Jim DeLaHunt) Owned by: catap (Kirill A. Korinsky)
Priority: Normal Milestone:
Component: ports Version: 2.8.1
Keywords: Cc:
Port: john-jumbo john

Description

The port info for ports "john" and "john-jumbo" are identical (except for licence). This makes it confusing for the reader to tell how they are different. The port description should explain this.

How to Reproduce:

% port info john john-jumbo

Observed behaviour:

% port info john john-jumbo
john @1.9.0_1 (sysutils, security)
Sub-ports:            john-jumbo

Description:          John the Ripper is a UNIX password cracker, currently available for UNIX (tested with Linux x86, FreeBSD x86, Solaris 2.x SPARC, OSF/1 Alpha), DOS, WinNT/Win95.
Homepage:             https://www.openwall.com/john/

Extract Dependencies: xz
Conflicts with:       john-jumbo
Platforms:            darwin
License:              (GPL-2+ or OpenSSLException)
Maintainers:          none
--
john-jumbo @1.9.0_2 (sysutils, security)
Variants:             universal

Description:          John the Ripper is a UNIX password cracker, currently available for UNIX (tested with Linux x86, FreeBSD x86, Solaris 2.x SPARC, OSF/1 Alpha), DOS, WinNT/Win95.
Homepage:             https://www.openwall.com/john/

Extract Dependencies: xz
Library Dependencies: openssl
Conflicts with:       john
Platforms:            darwin
License:              GPL-2 and GPL-3+ and Apache-2 and Restrictive
Maintainers:          none

Expected behaviour: Some text in the description which explains the difference. Points to include: both ports are from the same project (i.e. john-jumbo is not a fork of john); john contains the core code; john-jumbo includes everything in john plus a lot of contributed code.

Discussion:

Upstream's website https://www.openwall.com/john/ uses the terms john and jumbo on its main page, but does not include a clear explanation of the difference. That is a pity. I would rather than MacPorts copy their clear explanation than write its own.

There is a single portfile for john which defines john-jumbo as a conflicting subport. This portfile is what needs to be enhanced.

Change History (8)

comment:1 Changed 15 months ago by ryandesign (Ryan Carsten Schmidt)

Perhaps you could ask the developers to add a clear explanation of the difference to their web site? Once they do, you could submit a pull request to update the description in the subport.

comment:2 Changed 15 months ago by JDLH (Jim DeLaHunt)

I see a better description on upstream's Readme.md file:

John the Ripper is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latter requires a contributed patch). Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plus hundreds of additional hashes and ciphers in "-jumbo" versions.

It would help just to use this in place of the current Description, IMHO.

And yes, it would be even better to suggest to upstream a clearer description of the difference between the core and -jumbo versions. I think their wording "out of the box" is a little unclear.

Even so, I would be tempted to add an extra sentence to the above MacPorts Description paragraph in each of the ports, something like:

  • Port "john" is just the "out of the box" code from the project developers.
  • Port "john-jumbo" includes user-contributed code with the hundreds of additional hashes and ciphers, as well as the "out of the box" code from the project developers.

comment:3 Changed 14 months ago by catap (Kirill A. Korinsky)

Owner: set to catap
Resolution: fixed
Status: newclosed

In 061c6023c18b92e8c2291824210f7d703bdb6dc4/macports-ports (master):

john-jumbo: fix build on arm64; add devel subport; claim maintainership

Closes: #42379
Closes: #62859
Closes: #67973
Closes: #67974
Closes: #67975

comment:4 Changed 14 months ago by JDLH (Jim DeLaHunt)

@catap, thank you for the fixes to the john and john-jumbo ports. However, I think that 061c6023c18b92e8c2291824210f7d703bdb6dc4/macports-ports does not address this ticket. None of the descriptions for john* describe the three members of the john* set of ports. The descriptions for john-jumbo and john-jumbo-devel lack even the basic fact that john is a password cracker. I request that you reopen this ticket. I may submit a pull request improving the description as I suggested in the comments above.

comment:5 Changed 14 months ago by catap (Kirill A. Korinsky)

Jim, I've used official description of the project.

From my point of view differences is quite clear now.

See: https://ports.macports.org/search/?q=john&name=on

comment:6 Changed 14 months ago by JDLH (Jim DeLaHunt)

Kiril:

Respectfully, I disagree that the current descriptions are clear enough.

In [​https://ports.macports.org/search/?q=john&name=on] (or in port search john\*), I see that the "description" strings of the three ports are somewhat clear, if an only if you read them together.

However, my position is that port info john (or https://ports.macports.org/port/john/) should give enough information about the alternative ports and subports that a user can tell which is the right one for them. A portfile developer will know a lot about the upstream software, and what the various subports do. Ordinary users will not. I think it is important to set that knowledge aside when considering if the description and long_description of a port is adequate.

What I see now is, "Description: John the Ripper is a UNIX password cracker, currently available for UNIX (tested with Linux x86, FreeBSD x86, Solaris 2.x SPARC, OSF/1 Alpha), DOS, WinNT/Win95." It does not describe the john-jumbo or john-jumbo-devel ports, and how they differ from the john, the base port.

Looking at port info john-jumbo (or https://ports.macports.org/port/john-jumbo/), I see, "Description: This is the community-enhanced, jumbo version of John the Ripper." It does not say what John the Ripper does. It does not say how john-jumbo differs from john-jumbo-devel . port info john-jumbo-devel (or https://ports.macports.org/port/john-jumbo-devel/) has the identical description to john-jumbo, with no description that -devel has the recent code, while john-jumbo has code which is several years old (version 1.9.0).

comment:7 in reply to:  6 ; Changed 14 months ago by catap (Kirill A. Korinsky)

Replying to JDLH:

Respectfully, I disagree that the current descriptions are clear enough.

Let make things clear and fast.

May you provide description strings which is looks good for all that 3 ports?

comment:8 in reply to:  7 Changed 14 months ago by JDLH (Jim DeLaHunt)

Replying to catap:

…Let make things clear and fast.

May you provide description strings which is looks good for all that 3 ports?

Yes, that is a good way to proceed. I will make a Pull Request with the description and long_description strings which make sense to me. Then you and others can review it and give me your comments.

Note: See TracTickets for help on using tickets.