Date: Wed, 08 Jan 2014 10:00:24 -0500 From: Mikhail T <mi+apache@aldan.algebra.com> To: Peter Wemm <peter@wemm.org> Cc: olli hauer <ohauer@gmx.de>, Current FreeBSD <freebsd-current@freebsd.org> Subject: Re: md2 on current and 10. Message-ID: <52CD6808.1080307@aldan.algebra.com> In-Reply-To: <CAGE5yCq=JEG40Ljtx0bfB5nSPCet-=PEzZdA7mfCw0DvMb4ttg@mail.gmail.com> References: <52B392D9.4030507@aldan.algebra.com> <52B483D7.7080302@gmx.de> <52B486AD.7080102@aldan.algebra.com> <52B48E8C.5070804@gmx.de> <52BB2979.5040008@aldan.algebra.com> <CAGE5yCq=JEG40Ljtx0bfB5nSPCet-=PEzZdA7mfCw0DvMb4ttg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08.01.2014 02:54, Peter Wemm wrote:
>> > Could we, please, have MD2 resurrected before 10.0 is officially out?
>> > Preferably in both -lmd and -lcrypto, but certainly in the former. Thank
>> > you! Yours,
> The time to bring this up was before the freeze for 10.0, a good 6+
> months ago. It is way too late now.
First of all, Peter, are you talking as a core-member, or expressing
personal opinion? In any case, I'd say it is not entirely fair to blame
me for reporting a problem "late" -- without any apologies about causing
it in the first place...
But is it really "too late" to add such a small piece back to where it
was? I'm not talking about resurrecting uucp here... Meanwhile, any
existing MD2-using application will simply break after upgrade -- does
that not bother anyone? If the code was removed after 19 years in the
tree, is 6 months really "too late" to resurrect it?
> However.. the code in libmd had had a non-commercial use restriction..
> Even if it wasn't too late, that code won't be back.
That restriction was not (enough of) a problem for 20 years (since 1994)
-- and still is not in 9.x and 8.x. But, Ok...
> Your best bet is to create a crypto/libmd2 port. Start with the code
> from openssl.
Adding such a port increases the number of hoops for any user to jump
through -- and the maintenance costs. Whereas the cost of simply
adjusting the base OpenSSL's configuration to include MD2 functionality
is virtually zero -- a single additional file file will be back (md2.h),
and no new libraries...
OpenSSL port offers MD2 as an option -- surely the base version can have
that same option flipped on without breaking anything.
Yours,
-mi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52CD6808.1080307>