Date: Thu, 16 Nov 2006 09:30:11 GMT From: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched Message-ID: <200611160930.kAG9UB8Q023235@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/105488; it has been noted by GNATS. From: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: bug-followup@FreeBSD.org Subject: Re: ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched Date: Thu, 16 Nov 2006 10:25:44 +0100 --5mCyUwZo2JvN/JJP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 15, 2006 at 09:27:52PM +0000, Bjoern A. Zeeb wrote: > On Wed, 15 Nov 2006, VANHULLEBUS Yvan wrote: >=20 > >People who just don't know what is NAT-T won't care about it (and will > >automagically have it when the patch will be included in FreeBSD's > >CVS), and people who want it should have read the warning about > >needing a kernel patch. >=20 > People who won't care don't need it and would leave it to default > which is off anyway so that case does not matter. When this option has been included, I guessed integrating NAT-T support in FreeBSD's CVS would be quite fast, so I put the default to easy migration when it will be included, even for people who don't know what NAT-T means (but which may still need). This patch integration took lot more time than I hoped (and it is still not done). But now lots of people have WITH_NATT=3Dtrue in their /var/db/ports/ipsec-tools file, we can't just apply the patch you provided, as it would break ipsec-tools compilation for all people that don't know what NAT-T is, and who don't know the patch's existence. > People who want it do not want it to be left out when they have to > explicitly to turn it on. By turning it on they say "I want this" > but do not say "I want this maybe". If they do a make package and > deploy it and it turns out to not be in it might take them hours to > figure out what went wrong. > > It's a YES/NO thing and no MAYBE. If you want a MAYBE do it for > the default NO case but that will not permit people to leave it out > when their system would have the header files that support it. If I used a YES/NO which means Yes =3D> force, NO =3D> maybe, someone else whoud already have filled a PR for "I set up NAT-T support to NO and it is compiled on my host which have the NAT-T patch !".......... > So if you want a MAYBE do not provide an option but that will not > allow the poeple to chose - that's what the options from make config > are about. The only solution to make sure (quite) all people are happy would be to have a YES/NO/FORCE (or a YES/TEST/NO, or whatever else, as soon as the actual default value in option files don't break things). Of course, the best long term solution will be to have NAT-T support officially integrated in FreeBSD......... Yvan. --=20 NETASQ http://www.netasq.com --5mCyUwZo2JvN/JJP Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIINPQYJKoZIhvcNAQcCoIINLjCCDSoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC CokwggZ/MIIFZ6ADAgECAgpwxrFIFmvykFosMA0GCSqGSIb3DQEBBAUAMIGRMQswCQYDVQQG EwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNV BAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5F VEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxNDQ0NDNaFw0wNzA3MTUx NDQ0NDNaMIHYMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEuMCwGA1UEChMlTkVUQVNR IC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEZMBcGA1UE AxMQeXZhbiBWQU5IVUxMRUJVUzEqMCgGCSqGSIb3DQEJARYbeXZhbi52YW5odWxsZWJ1c0Bu ZXRhc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0quG0Q0oe+uM8lT HAklvpFArPSxUE8qM+NzfqOUaMaAI9/+Zg1kFOSrcYYRnB0R7ZGj9H+wk92l6+9jdOJx+1cG 9wwhCzTFuN1qxiznhXtryOwZ9vZswnAJXH3b0R0hL0CUsv54KWGsZIDI72KHrEx/KThY7iU7 AMq8/MqGGjSixXzhm89ybWm4N36dWRJvyT3oHFRREDLhGhherC+FJPied4FwIjth7worVD9m SVAPgp0WHpAhMqVe4vp4bJvpT9Qrv38cccfEiaaFaUvOCSF7h5gXy6F+D7xV/3adGqAwZ3sI o1qN4SijkaI6uqbUP+zslX3t78qHSc7HWhVm4QIDAQABo4ICjjCCAoowDAYDVR0TAQH/BAIw ADAdBgNVHQ4EFgQU/CR/mkkP1k1mu7ApVahPzBnqdJowgb4GA1UdIwSBtjCBs4AUJyrrHdlE 2joXc2oJICDJJaj5f7KhgZekgZQwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRow GAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2VjdXJlIElu dGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5ggEAMA4GA1UdDwEB/wQEAwIF4DARBglghkgBhvhCAQEEBAMCBaAwKwYJKwYBBAGC NxQCBB4eHABTAG0AYQByAHQAYwBhAHIAZABMAG8AZwBvAG4wLAYDVR0lAQH/BCIwIAYIKwYB BQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3FAICMCsGA1UdEQQkMCKgIAYKKwYBBAGCNxQCA6AS DBB5dmFudkBuZXRhc3EuY29tMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0 YXNxLmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9j YXRpb25MaXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50 cmFuZXQvcGtpL25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kv bmV0YXNxLmNybDAfBglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B AQQFAAOCAQEAMlfufwmHT/3KRXLIx0jcRwT9bOboCGMQrI7xK/kk9t0jvGm3KTlVN2uuZ0Hk VU2QWqw6hPPoc1mclOPPWfNW4DHGafbIAqritDMoAtwCe7BkeZFaTRcigrnNJhyIjlfTHrrF Pz8Iul+ZugtAV8gCrpMPrF/RUJ2wgvUiBrp/1zhTZ0WMini5KK/MEiWgvZKHq0Y4riD9Sw5L 84TbPcwQmHG4aQhsKkTNC9S80qurRVmTre+Qo68fzGXznPsSU/atH0OCIka3KYcJmrnoFosh 0fuWOhKRTDfcTVarpCFhFiNvg8gxUxi9kdI2m/u2h7zEYvEH89G4HQ6NFBNvh0XfjjCCBAIw ggLqoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwRO b3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2Vj dXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp b24gQXV0aG9yaXR5MB4XDTAyMDIxOTEyMzQ1NVoXDTIyMDIxNDEyMzQ1NVowgZExCzAJBgNV BAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMe TkVUQVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAwYBPi3ref6t0tuJMoj5R4H7sa+WMSZwDh4XHjZV5e6P6LObyrleC6oNFDZJr gBtKk9Swzfnnf4m3xc0QS9kKCPLFwLpmIK3RCx0K4YYi+uBrrL347kH4UPfrI6KvrYcFpG3Y wFZUK+7LZn/Y9HSB6n4gvdiCk7cmkuFr1ifFtDYZqktNUss9yQCPqh0d9dXfuhRV8vyggvVk cfTZcCyVpRaDYaDm0j30Urba62KsKxfh6cEAt6kmPUxviGVaoEiiaABDZVSu6PjS17qDcZaQ zlnwhLacKyM1zR7+lvfFR03/h6m8JYGBPMP7zccH2uJfufh+Of3AvOfCFZFcNhzHCwIDAQAB o2MwYTAdBgNVHQ4EFgQUJyrrHdlE2joXc2oJICDJJaj5f7IwHwYDVR0jBBgwFoAUJyrrHdlE 2joXc2oJICDJJaj5f7IwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI hvcNAQEEBQADggEBAJclqFN/WqYmhcZlXabrw6KJQNq/TK6TLDHzwZVcyjn0QhujHRr+EcVp aE1pIS4fjsywzpINE3fe9DSlC4IzyeqDq3EtM4eQDSXm4YRGLZp8X2M5TdccmxlElDgZzlVX MOlo/Ehhh4vqzSbc1M4FEfETiEV+vLX5MaWEHH8dmzlEL632mOme19QJN6BQKJPmCCj1VbxJ DrJSpF01kXFJUtyrA0ilrEG0mA+FLFjfsWuZXzYEPjv1/FIPMlSnCCiW8ZSzwstQX2BhLEi0 ugZJRpakVMY/TkdoLEErYt0mjZD+d/oXFR7QNzMxAHpDEPmlZRotP1W7sO6kpBP7lyh/Yc4x ggJ8MIICeAIBATCBoDCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcT EVZpbGxlbmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQg Q29ubmVjdGl2aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC CnDGsUgWa/KQWiwwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG CSqGSIb3DQEJBTEPFw0wNjExMTYwOTI1NDRaMCMGCSqGSIb3DQEJBDEWBBQ6FeL6hYDp83eM 3MZuUJr5SILXfTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF AASCAQAIBdZbnGrvzv+/ZDb8VxWpn84elV1k/slx6Y+uywIK65eVLIdIZn58Ti+jBlYVxM93 fkCfC7syBvZ3HKczJ0s6hIHeKjUUtJcwfMMIKi276kZct/cc9Y9NR2GWbIAWcHtFyj7s0ZnD mAFT/x4K7GLtN89kQg/qeT4YAXKC1Ns3nkE59eg4f7QF7qhoSh5nKFXj/Gd2qhLgk/Kp0M9j 3TcXSgqdiVmzAIhWIStr2ogWNB7Gys00eAOlpcDngT43IT/Sv3rnurzcILxpXxBb32HhOZCl 8Sl173s5iU07Ej/6op7I0IEGbpDBLQJ9juiemVb8bZUlf2lr37cW1cTxP3mZ --5mCyUwZo2JvN/JJP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611160930.kAG9UB8Q023235>