Removing NOCRYPT

Colin Percival colin.percival at
Tue Apr 27 02:08:34 PDT 2004

  I would like to remove the NOCRYPT option from FreeBSD before
5.3-RELEASE.  There are a number of good reasons for doing this:

1. NOCRYPT is almost completely untested, and in the past it has
often broken (for example, there was a recent release where it
was impossible to pkg_add without the cryptographic libraries.)

2. NOCRYPT has outlived its original purpose.  The separation of
cryptographic code from non-cryptographic code is a result of
"munitions" export restrictions in the US which were changed a
long time ago.

3. NOCRYPT causes major headaches.  With the Kerberos options
removed (or rather, Kerberos 4 removed and Kerberos 5 made
manditory) this is the only remaining option which can result
in certain files from the FreeBSD world existing in multiple
entirely different forms.  Most obviously, this complicates
release-building; it also adds significant complications to
FreeBSD Update.

  If anyone has a really good reason for keeping the NOCRYPT
option, please let me know.  In particular, I'd like to hear
from anyone who is actually running a NOCRYPT world.

Colin Percival

More information about the freebsd-current mailing list