From owner-freebsd-current Sat Feb 19 21: 0: 1 2000 Delivered-To: freebsd-current@freebsd.org Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id A1AF037BE8F; Sat, 19 Feb 2000 20:59:54 -0800 (PST) (envelope-from Doug@gorean.org) Received: from gorean.org (master [10.0.0.2]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id UAA34072; Sat, 19 Feb 2000 20:59:53 -0800 (PST) (envelope-from Doug@gorean.org) Message-ID: <38AF74C8.29BC6EC8@gorean.org> Date: Sat, 19 Feb 2000 20:59:52 -0800 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.7 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Kris Kennaway Cc: Victor Salaman , freebsd-current@FreeBSD.org Subject: Re: openssl in -current References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > > On Sat, 19 Feb 2000, Doug Barton wrote: > > > Pardon me for coming late to the party, but what was the > > rationale behind putting openssl into the source anyway? Given the > > rsa/no rsa problems, not to mention the US vs. the world problems, > > what were the benefits that outweighed the complications? Note, I'm > > not trying to be critical here, I'm just interested in the thought > > process behind the decision. > > Having _a_ general-purpose cryptography toolkit in the base system allows > us to add in all sorts of cool things to FreeBSD (https support for fetch, > openssh, random cryptographic enhancements elsewhere). OpenSSL just > happens to be the only decent freely-available (BSDL) toolkit. Ok, that's pretty much what I expected, but thanks for the confirmation. > The patent nonsense with RSA will be going away in september, and the US > vs. the world problems have also been receding and probably won't last > much longer either. So how effective is openssl (plus the things that do/will depend on it) without rsa(ref)? Can we complete the integration process assuming that rsa* won't be on the system, but add hooks so that if the user has independently installed the rsaref port openssl in the base will pick that up? That will solve half the problem I think. As for the other problem, what is currently different between the US and international code repositories? I think I'm getting a handle on what's happening, it sounds like the problems are not that difficult to solve, the just require some planning. Doug -- "Welcome to the desert of the real." - Laurence Fishburne as Morpheus, "The Matrix" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message