From owner-freebsd-current Sat Feb 19 22:52:59 2000
Message-ID: <38AF8F40.CB06E7C7@gorean.org>
Date: Sat, 19 Feb 2000 22:52:48 -0800
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
To: Kris Kennaway
Cc: "Victor A. Salaman", "'Jordan K. Hubbard'", freebsd-current@FreeBSD.org
Subject: Re: openssl in -current

Kris Kennaway wrote:
>
> On Sun, 20 Feb 2000, Victor A. Salaman wrote:
>
> > Don't remove OpenSSL from the tree... put the whole thing there, the whole
> > openssl distro in the tree. The problem with the patent is not that you
> > CAN'T get the software, the problem is that you can't build with it and use
> > it. But nobody said that you can't have it in the system. It's up to the
> > USA_RESIDENT variable that RSAREF would be built (over the net). The only
> > thing we would need to do is modify sysinstall if you are a USA resident
> > with a disclaimer screen. That way we put the responsibility onto the user,
> > not the FreeBSD group.
>
> This doesn't help. The RSA source not being there isn't the problem, the
> problem is that there are two different binary versions depending on how
> you build it (with rsaref or not).

So we do what we do with DES. By default you have openssl without RSA, and the RSA version is available as an after market distribution. All that's required is the work necessary to make the two openssl distributions.

As for the ports, most of the ports that have the ability to use RSA also have the ability to turn it off (TMK), usually through a configure --variable. The ones that don't can have warnings spit out. Until the patent runs out, leaving RSA as a port seems to be the only reasonable alternative.

Once again, I don't think that the problems here are insurmountable, they will just require some engineering.

Doug
--
"Welcome to the desert of the real."
    - Laurence Fishburne as Morpheus, "The Matrix"