Date:      Fri, 16 May 2003 10:57:53 +0100
From:      Mark Murray <mark@grondar.org>
To:        Marius Strobl <marius@alchemy.franken.de>
Cc:        arch@freebsd.org
Subject:   Re: NOCRYPT / NOSECURE 
Message-ID:  <200305160957.h4G9vsgN043184@grimreaper.grondar.org>
In-Reply-To: Your message of "Fri, 16 May 2003 11:19:12 +0200." <20030516111912.A83445@newtrinity.zeist.de>

Marius Strobl writes:
> On Fri, May 16, 2003 at 08:20:07AM +0100, Mark Murray wrote:
> > 
> > SO - my query reduces to "How many folks are there out there who can
> > NOT have crypto SOURCES on their system, even if they are doing a non
> > crypto build?"
> > 
> 
> Not in terms of export control or disk space but I'm concerned that
> if fundamental things of the base distribution depend on OpenSSL and
> friends this will lead to the need of much more frequent updates of
> the base every time yet again another exploitable bug is found in them.
> Not checking out the crypto sources and using the port versions of
> the components in question if they are really needed one is on the
> real safe side and there's usually no need to update FreeBSD for
> quite some time.

It is export control that I'm primarily concerned with. Well, actually,
exporting free crypto is now a non-problem, so it comes down to the 
dodgy governments that place restrictions on crypto _import_. This
may be a problem for our users in those countries.

I'm sympathetic to your concerns.

Telnet isn't used for anything in the build, and for the non-crypto
case little would change by default; the source tree would be smaller
and src/crypto/telnet/... would be used to get the telnet source.
If src/crypto is removed, telnet would not be built at all.

Libmd is different; that would depend (or be replaced by) libhash
(real name to be decided later), which would be a replacement for
libmd. In the case where there is no src/crypto, this would not be
built, so md5(1) would not be built. This would have consequences
for the ports system, so it needs to be fleshed out properly. There
are solutions (perl springs to mind) for the ports system, but these
need to be agreed upon.

M
--
Mark Murray
iumop ap!sdn w,I idlaH


