From owner-freebsd-current@FreeBSD.ORG Tue Apr 27 02:08:34 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 46A8C16A4CE for ; Tue, 27 Apr 2004 02:08:34 -0700 (PDT) Received: from tx2.oucs.ox.ac.uk (tx2.oucs.ox.ac.uk [163.1.2.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id B97EE43D49 for ; Tue, 27 Apr 2004 02:08:33 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from scan2.oucs.ox.ac.uk ([163.1.2.162] helo=localhost) by tx2.oucs.ox.ac.uk with esmtp (Exim 4.24) id 1BIOZs-00025x-LX for freebsd-current@freebsd.org; Tue, 27 Apr 2004 10:08:32 +0100 Received: from rx2.oucs.ox.ac.uk ([163.1.2.161]) by localhost (scan2.oucs.ox.ac.uk [163.1.2.162]) (amavisd-new, port 25) with ESMTP id 07772-07 for ; Tue, 27 Apr 2004 10:08:32 +0100 (BST) Received: from gateway.wadham.ox.ac.uk ([163.1.161.253]) by rx2.oucs.ox.ac.uk with smtp (Exim 4.24) id 1BIOZs-00025s-85 for freebsd-current@freebsd.org; Tue, 27 Apr 2004 10:08:32 +0100 Received: (qmail 5113 invoked by uid 1004); 27 Apr 2004 09:08:32 -0000 Received: from colin.percival@wadham.ox.ac.uk by gateway by uid 71 with qmail-scanner-1.20 (clamscan: 0.67. sweep: 2.18/3.79. Clear:RC:1(163.1.161.131):. Processed in 0.085375 secs); 27 Apr 2004 09:08:32 -0000 Received: from dhcp1131.wadham.ox.ac.uk (HELO piii600.wadham.ox.ac.uk) (163.1.161.131) by gateway.wadham.ox.ac.uk with SMTP; 27 Apr 2004 09:08:32 -0000 Message-Id: <6.1.0.6.1.20040427094029.03d3d218@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.1.0.6 Date: Tue, 27 Apr 2004 10:08:30 +0100 To: freebsd-current@freebsd.org From: Colin Percival Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Subject: Removing NOCRYPT X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Apr 2004 09:08:34 -0000 I would like to remove the NOCRYPT option from FreeBSD before 5.3-RELEASE. There are a number of good reasons for doing this: 1. NOCRYPT is almost completely untested, and in the past it has often broken (for example, there was a recent release where it was impossible to pkg_add without the cryptographic libraries.) 2. NOCRYPT has outlived its original purpose. The separation of cryptographic code from non-cryptographic code is a result of "munitions" export restrictions in the US which were changed a long time ago. 3. NOCRYPT causes major headaches. With the Kerberos options removed (or rather, Kerberos 4 removed and Kerberos 5 made manditory) this is the only remaining option which can result in certain files from the FreeBSD world existing in multiple entirely different forms. Most obviously, this complicates release-building; it also adds significant complications to FreeBSD Update. If anyone has a really good reason for keeping the NOCRYPT option, please let me know. In particular, I'd like to hear from anyone who is actually running a NOCRYPT world. Colin Percival