From owner-freebsd-current  Fri Mar 31  0:33:58 2000
Delivered-To: freebsd-current@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by hub.freebsd.org (Postfix) with ESMTP id A866937B975
	for <current@freebsd.org>; Fri, 31 Mar 2000 00:33:55 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id AAA98577;
	Fri, 31 Mar 2000 00:34:55 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
To: Bill Fenner <fenner@research.att.com>
Cc: current@freebsd.org
Subject: Re: So, AGAIN, why was tcpdump moved? 
In-reply-to: Your message of "Fri, 31 Mar 2000 00:28:22 PST."
             <200003310828.AAA02707@windsor.research.att.com> 
Date: Fri, 31 Mar 2000 00:34:54 -0800
Message-ID: <98574.954491694@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Just out of curiosity, why is there an "AGAIN" in the subject line,
> since this is the first email I've gotten on the subject?

Sorry, the first queries about this probably didn't go directly to you
since it was only yesterday that I actually bothered to go track down
the specific commit which resulted in this behavior in 4.0-RELEASE.
There's been general mutterings but no conclusions.

> tcpdump is capable of decrypting ESP, if you give it the key and if it's
> linked with libcrypto.  Since IPSEC is part of FreeBSD, and libcrypto
> is part of FreeBSD, I figured it would be a nice thing to have.

Agreed.

> It didn't occur to me that this would change where tcpdump lived
> (i.e.  it seemed like libcrypto was part of FreeBSD) so it wasn't an
> explicit choice on my part to move distributions.  I agree that's a bad
> side effect.  It's easy to disable the decrypting-ESP feature if the
> disadvantage of having it is greater than the advantage.

I think most people are pretty flabbergasted that tcpdump is gone from
the bindist, so yes, we should definitely see to this side-effect.
That said, isn't there some way we could build it twice, once for the
crypto dist and once for the bindist?  That would mean that the crypto
distribution copy simply blops over the bin distribution version if
selected and POLA is fully obeyed.

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message