From owner-freebsd-arch@FreeBSD.ORG Sat Dec 11 08:06:27 2004 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BC21116A4CE for ; Sat, 11 Dec 2004 08:06:27 +0000 (GMT) Received: from acampi.inet.it (acampi.inet.it [213.92.1.165]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7BE1543D62 for ; Sat, 11 Dec 2004 08:06:27 +0000 (GMT) (envelope-from andrea@acampi.inet.it) Received: by acampi.inet.it (Postfix, from userid 1000) id 2D474A6; Sat, 11 Dec 2004 09:06:26 +0100 (CET) Date: Sat, 11 Dec 2004 09:06:26 +0100 From: Andrea Campi To: Colin Percival Message-ID: <20041211080625.GA11190@webcom.it> References: <41B92CF3.2090302@wadham.ox.ac.uk> <20041211020518.GA74718@dragon.nuxi.com> <41BA6BDE.5070909@wadham.ox.ac.uk> <20041211035012.GB93068@dragon.nuxi.com> <41BA702C.3010909@wadham.ox.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41BA702C.3010909@wadham.ox.ac.uk> User-Agent: Mutt/1.5.6i cc: freebsd-arch@freebsd.org Subject: Re: Adding standalone RSA code X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2004 08:06:27 -0000 On Fri, Dec 10, 2004 at 07:57:32PM -0800, Colin Percival wrote: > David O'Brien wrote: > >In other words, rather than create an RSA library that your code links > >against, just build .o's and list the .c's in your FreeBSD Update's > >Makefile. That way you can use this RSA code that you want to, but it > >isn't exposed as a consumable library in FreeBSD's {,/usr}/lib. > > Ah, now I understand. FreeBSD Update is a shell script, so I'd still need > to add an rsa-verify program into /usr/sbin, but I'm quite happy to have > it statically link my RSA code rather than installing a separate library, > if that's what people would prefer. Honestly, I thought that people would > complain if I did it that way. Can you offer a choice between using and installing your rsa-verify and calling openssl? I guess it's just a matter of sed'ing FreeBSD Update shell script to use one or the other. Speaking as one user that values space over time in some installations, I think this would be a win-win and would allow people to adopt rsa-verify at their own pace. Or vice versa, if (when) rsa-verify would become default, would allow security-conscious critics that would prefer to stick with OpenSSL to just do so. Bye, Andrea -- Give a man a fish and you feed him for a day; teach him to use the Net and he won't bother you for weeks.