Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Feb 2000 08:06:37 -1000
From:      Clifton Royston <cliftonr@lava.net>
To:        Matt Heckaman <matt@ARPA.MAIL.NET>
Cc:        Kenneth W Cochran <kwc@world.std.com>, freebsd-stable@freebsd.org
Subject:   Re: Trouble installing xpdf port in 3.4-stable
Message-ID:  <20000229080637.F5108@lava.net>
In-Reply-To: <Pine.BSF.4.21.0002290926190.56995-100000@epsilon.lucida.qc.ca>
References:  <200002291419.JAA24813@world.std.com> <Pine.BSF.4.21.0002290926190.56995-100000@epsilon.lucida.qc.ca>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 29, 2000 at 09:30:50AM -0500, Matt Heckaman wrote:
...
> The real question is, with the new US legislation, I've seen Microsoft
> claim that they can make high encryption available to anyone. Can we do
> the same? I claim absolutely no legal knowledge though, just something I
> saw on windows update regarding the high encryption package for win2k.

  My understanding is that it has to be provided as binary, not source,
which seems like kind of a show-stopper for open source OSes.  Make
sense?  I didn't think so.

  However... has anybody looked at the install procedure for OpenBSD
2.6?  It's really really slick.  (Excuse me while I rave...) As part of
the installation procedure, if you configure the network, after
installing the first bunch of binaries off the CD, it brings the
network up (if it can) and prompts you for the correct legal source to
download the crypto modules from, depending on whether or not you're in
the US, then goes ahead and tries to fetch it for you.  Once you've got
the crypto module downloaded, it finishes building/installing the
essential packages that depend on it, like OpenSSH.  The out-of-box
install came up in the mode that it usually takes me a couple hours of
work to reach: sshd installed, running and accepting connections, and
nearly all other services disabled until you turn them on, so it's
actually safe to bring up on a network from the beginning.

  IMHO, this would be a great direction for FreeBSD to go in to solve
both the crypto dependency problem, and the initial insecurity problem.
  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
      The named which can be named is not the Eternal named.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000229080637.F5108>