Adding standalone RSA code
Marcel Moolenaar
marcel at xcllnt.net
Fri Dec 10 23:54:54 PST 2004
On Dec 10, 2004, at 7:39 PM, Colin Percival wrote:
> I'm not quite sure I understand what you're saying here. The entire
> point
> of this discussion is that bringing my RSA code into the base systme
> is an
> obvious first step towards bringing FreeBSD Update into the base
> system,
> which is something I've been asked countless times (by both committers
> and
> users) to do.
I may have missed this, but can openssl(1) be used at all or do you need
functionality not present in openssl(1)?
The reason I ask is that arguments about security issues, code size and
performance are mostly second order and highly subjective. I recall you
mentioned that using openssl(1) resulted in a "large" binary and gave
a size that's simply not the worth the fuzz if you ask me (it was less
than .5MB -- I don't even care if there's an error margin of 50%, it's
not worth my consideration. YMMV).
My point is that if you can use openssl(1), do so. Import FreeBSD update
and make it work on all platforms. If there's a genuine need, backed by
requests that openssl(1) should be replaced because it has some negative
characteristics that hamper development, usability or whatever, then
(and
only then) can we meaningfully discuss and argue whether such
replacement
is worth it. At this time I don't see a need at all. I do see a need to
have FreeBSD update work on all platforms and that would be my first
requirement for putting FreeBSD update in the base system.
My 0.02 smurfs,
--
Marcel Moolenaar USPA: A-39004 marcel at xcllnt.net
More information about the freebsd-arch
mailing list