From: Mark Murray
Message-Id: <200305160957.h4G9vsgN043184@grimreaper.grondar.org>
To: Marius Strobl
In-Reply-To: Your message of "Fri, 16 May 2003 11:19:12 +0200." <20030516111912.A83445@newtrinity.zeist.de>
Date: Fri, 16 May 2003 10:57:53 +0100
cc: arch@freebsd.org
Subject: Re: NOCRYPT / NOSECURE

Marius Strobl writes:
> On Fri, May 16, 2003 at 08:20:07AM +0100, Mark Murray wrote:
> >
> > SO - my query reduces to "How many folks are there out there who can
> > NOT have crypto SOURCES on their system, even if they are doing a non
> > crypto build?"
> >
>
> Not in terms of export control or disk space but I'm concerned that
> if fundamental things of the base distribution depend on OpenSSL and
> friends this will lead to the need of much more frequent updates of
> the base every time yet again another exploitable bug is found in them.
> Not checking out the crypto sources and using the port versions of
> the components in question if they are really needed one is on the
> real safe side and there's usually no need to update FreeBSD for
> quite some time.

It is export control that I'm primarily concerned with. Well, actually,
exporting free crypto is now a non-problem, so it comes down to the
dodgy governments that place restrictions on crypto _import_. This may
be a problem for our users in those countries.

I'm sympathetic to your concerns. Telnet isn't used for anything in the
build, and for the non-crypto case little would change by default; the
source tree would be smaller and src/crypto/telnet/... would be used to
get the telnet source. If src/crypto is removed, telnet would not be
built at all.

Libmd is different; that would depend (or be replaced by) libhash (real
name to be decided later), which would be a replacement for libmd. In
the case where there is no src/crypto, this would not be built, so
md5(1) would not be built. This would have consequences for the ports
system, so it needs to be fleshed out properly. There are solutions
(perl springs to mind) for the ports system, but these need to be
agreed upon.

M
--
Mark Murray
iumop ap!sdn w,I idlaH