From owner-freebsd-current Sat Feb 19 20:40:42 2000 Delivered-To: freebsd-current@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 67C9F37BE09; Sat, 19 Feb 2000 20:40:39 -0800 (PST) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id UAA04641; Sat, 19 Feb 2000 20:40:39 -0800 (PST) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sat, 19 Feb 2000 20:40:39 -0800 (PST) From: Kris Kennaway To: "Jordan K. Hubbard" Cc: Victor Salaman , freebsd-current@FreeBSD.org Subject: Re: openssl in -current In-Reply-To: <42144.951019612@zippy.cdrom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 19 Feb 2000, Jordan K. Hubbard wrote: > Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out > at this point. The situation with RSA makes this far more problematic > than I think anyone first thought, and I've seen a lot of breakage so > far for what appears to be comparatively little gain over what we had > before with the ports collection version. Well, you're the release engineer of course..but I don't think the problems are insurmountable. Sysinstall could be made to install the correct package after asking the user the right questions (if they choose to install crypto): 1) Are you a resident of the USA? YES/NO NO -> installs the international package (actually, if they're net-installing and get their crypto from an international site they'll get the correct openssl version anyway) YES -> 2) 2) Do you wish to install RSA cryptography support? NOTE: RSA support is required for many third-party applications, but due to patent restrictions it is not available for unrestricted use. Selecting 'YES' will display the text of the license agreement imposed by RSA Security, Inc. and ask if you wish to proceed. NO -> installs the "no-rsa" package YES -> 3) 3) Displays the rsaref license, and asks for confirmation whether the user conforms to it. NO -> installs the "no-rsa" package YES -> installs the rsaref package and the openssl-rsaref package. The situation at present, compared to installing from ports, just unmasks the fact that a lot of people are using rsaref when they're not supposed to be ("make USA_RESIDENT=yes install" will automatically install rsaref without requiring you to read and agree to the license conditions). If you think the above can't be implemented in time for 4.0 and the alternatives (i.e. user deciding for himself which package to install and doing it manually) are not feasible then I will (reluctantly) back it out for the 4.0 release. Kris > > - Jordan > ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message