Date: Tue, 04 Jul 2000 11:38:42 -0700 (PDT) From: John Polstra <jdp@polstra.com> To: hubs@freebsd.org Subject: HEADS UP: Crypto changes coming soon Message-ID: <XFMail.000704113842.jdp@polstra.com>
next in thread | raw e-mail | index | archive | help
This announcement is primarily for FreeBSD committers, CVSup users, and mirror sites. Mark Murray will soon post a companion announcement for CTM users. As a consequence of recent relaxation in US export restrictions for cryptography software, the FreeBSD project has obtained the necessary permissions to export the crypto portions of its source tree. This is a welcome development, to say the least, and we are now ready to take advantage of it. In a nutshell, our plan is to fold the crypto files into the "src-all" and "cvs-all" collections and eliminate the "cvs-crypto" collection entirely. Just to make this is perfectly clear, we will eliminate the _collection_ only -- not the files it contains. Those files will simply become a part of "src-all" and "cvs-all". These existing crypto sub-collections: src-crypto src-eBones src-secure src-sys-crypto will remain valid and unchanged, except that they will become sub-collections of "src-all" instead of the soon-to-be-defunct "cvs-all" collection. As part of this process, the crypto files on internat.FreeBSD.org will be synchronized with the now-unrestricted files on freefall. After this step there will no longer be any differences between the files on the two machines, and internat will become just another mirror site like all the others. Neither mirror sites nor CVSup users need to do anything special to prepare for this. In fact, I strongly advise all of you to leave your supfiles unchanged until the dust has settled. When we eliminate the "cvs-crypto" collection, you will start seeing warnings from CVSup saying that collection doesn't exist. These warnings will be harmless and can safely be ignored. By that time the files which formerly belonged to "cvs-crypto" will be owned by "src-all" and "cvs-all". They won't be deleted or changed. Here is how we plan to proceed: 1. Impose an enforced freeze on all of the crypto files. 2. Synch up internat with freefall. 3. Absorb the crypto files into the "src-all" and "cvs-all" collections, and eliminate the "cvs-crypto" collection. At the same time, temporarily orphan "src-crypto", "src-eBones", "src-secure", and "src-sys-crypto" so that they are no longer treated as sub-collections of "cvs-all". This latter step will have no visible effect, except that it will temporarily suppress cvsupd's mirror mode optimization for the orphaned collections. Mirror sites may see a slight increase in load because of that, but it will last only a day or two. I don't expect the increased load to be significant, because the crypto collections are relatively small. 4. Wait 24-48 hours to make sure these changes have propagated to the mirrors. 5. Reparent "src-crypto", "src-eBones", "src-secure", and "src-sys-crypto" so that they are considered to be sub-collections of "src-all". This will cause the mirror mode optimizations to kick in again. 6. Lift the freeze. After the freeze has been lifted and the dust has settled, you may remove "cvs-crypto" from your supfiles if you wish. There is no urgency surrounding that; you'll merely get harmless warnings from your CVSup updates until you do. Finally, we will: 7. Update the cvsup-mirror port, sample supfiles, and other documentation. We planned this transition as carefully as we could, and we are confident that it will go smoothly. Should a few unforseen glitches arise, please remain calm and rest assured that we perpetrators are safe and sound in a well-concealed underground bunker where you will never find us. Your friendly source-meisters, John Polstra, Peter Wemm, and Mark Murray To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.000704113842.jdp>