Removing NOCRYPT

Colin Percival colin.percival at wadham.ox.ac.uk
Tue Apr 27 02:08:34 PDT 2004


  I would like to remove the NOCRYPT option from FreeBSD before
5.3-RELEASE.  There are a number of good reasons for doing this:

1. NOCRYPT is almost completely untested, and in the past it has
often broken (for example, there was a recent release where it
was impossible to pkg_add without the cryptographic libraries.)

2. NOCRYPT has outlived its original purpose.  The separation of
cryptographic code from non-cryptographic code is a result of
"munitions" export restrictions in the US which were changed a
long time ago.

3. NOCRYPT causes major headaches.  With the Kerberos options
removed (or rather, Kerberos 4 removed and Kerberos 5 made
mandatory) this is the only remaining option which can result
in certain files from the FreeBSD world existing in multiple
entirely different forms.  Most obviously, this complicates
release-building; it also adds significant complications to
FreeBSD Update.

  If anyone has a really good reason for keeping the NOCRYPT
option, please let me know.  In particular, I'd like to hear
from anyone who is actually running a NOCRYPT world.

Colin Percival



More information about the freebsd-current mailing list