Date: Thu, 15 May 2003 19:20:02 +0100 From: Mark Murray <mark@grondar.org> To: Dag-Erling Smorgrav <des@ofug.org> Cc: arch@freebsd.org Subject: Re: NOCRYPT / NOSECURE Message-ID: <200305151820.h4FIK2gN027630@grimreaper.grondar.org> In-Reply-To: Your message of "Thu, 15 May 2003 16:20:08 %2B0200." <xzpr870mgvb.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav writes: > I would therefore like to remove NOSECURE, preferably before 5.1. I will applaud this! > NO_OPENSSL is also a subset of NOCRYPT. There is so little that > builds with NO_OPENSSL but not with NOCRYPT that I think it might be > worthwhile to deprecate NO_OPENSSL and change the description of > NOCRYPT from "will prevent building of crypt versions" to "do not > build crypto-related software" I like this too. > We also have something called libcipher which is only used by bdes(1); > the OpenSSL distribution contains a similar and AFAIK compatible > utility (src/crypto/openssl/crypto/des/des.c) which we don't currently > build. We should probably ditch both libcipher and bdes(1), and > perhaps add OpenSSL's des(1) to the build if our users really want it, > though 'ln -s /usr/bin/openssl /usr/bin/des' goes a long way. If openssl's des(1) is the same as our bdes(1) (ie, gives the same results) then I'm in support of this. I'd also approve of a wrapper script that calls openssl(1) or des(1) and make a compatible bdes(1). Similar scripts may be a good idea for md5(1) and sha1(1). If folks don't shoot the idea down, I'm happy to help out. M -- Mark Murray iumop ap!sdn w,I idlaH
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305151820.h4FIK2gN027630>