Date: Mon, 21 Feb 2000 01:07:41 +0900
From: "Daniel C. Sobral" <dcs@newsguy.com>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Garance A Drosihn <drosih@rpi.edu>, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Doug Barton <Doug@gorean.org>, Victor Salaman <salaman@teknos.com>, freebsd-current@FreeBSD.ORG
Subject: Re: openssl in -current
Message-ID: <38B0114D.ED1BF29C@newsguy.com>
References: <Pine.BSF.4.21.0002192229150.9556-100000@freefall.freebsd.org>

Kris Kennaway wrote:
>
> Except it's not just this release, it's "for the life of the 4.x branch"
> given the rules of what should get put into -stable. I really don't want
> to have to wait another year or more for 5.0-RELEASE before we can start
> making use of crypto in the recommended version of FreeBSD.

This argument is not valid, sorry. OpenSSL, as it stands right now in the tree, is just another library and a set of include files (and configuration?). _Nothing_ in the system depends on OpenSSL, no part of the system has been modified to allow for it. It's basically a "plug-in" library, which, in fact, can be done through the ports. Given all that, there is absolutely _no_ reason why you shouldn't be able to MFC this later on.

OTOH, if bigger changes, interface changes and the like will be following this, you will STILL be subject to the merging rules. Just because OpenSSL is there in 4.x won't give you any breaks on current -> stable rules.

On the gripping hand, we have more than once brought to -stable changes that were deemed too important to wait until the next major version which would, otherwise, never be merged. So, there isn't really any rule saying that this _won't_ get into the 4.x branch if this single library doesn't get in right now.

So... what _other_ reasons do you have to get OpenSSL in at any costs?

There are disadvantages. There is the patent problem, there is the requirement of DES if you want OpenSSL (and I _don't_ want DES), which effectively _reduces_ our flexibility versus what we had before OpenSSL was added to the tree, and the handbook chapter you keep referencing is helpful, I imagine, in _some_ situations, but it just doesn't cut it yet. It didn't help me in the least, for instance.

I see no gain, and lots of pain. For some, granted, things will work flawlessly and painlessly. For others, it can be a real headache. And all this discussion about what sysinstall should do or not goes to show that this just isn't ready yet.

We are 20 days into code freeze, months into feature freeze, and it's just not time to get in things that are not ready. If OpenSSL in the tree is not working out right, and for some it isn't, it's better to just back it off, get back to the drawing board, and wait until the code freeze is over. There is still time even for this to get into 4.x-STABLE, since we won't change the 4.x branch to -stable for some time. And, from all I have seen up to now, it would seem 4.0-RELEASE will be better served with OpenSSL in the ports.

IMHO, this is the right direction, but the wrong time.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org

"If you consider our help impolite, you should see the manager."