Re: Freeswan in Debian, or: Why I am such a bad maintainer
- To: Rene Mayrhofer <rene.mayrhofer@gibraltar.at>
- Cc: Bastian Blank <waldi@debian.org>, Dominique Kaiser <dommi_s1@gmx.net>, Giacomo Mulas <gmulas@ca.astro.it>, Steven Augart <augart@watson.ibm.com>, Lupe Christoph <lupe@lupe-christoph.de>, Anthony DeRobertis <anthony@derobert.net>, Andrew Pimlott <pimlott@idiomtech.com>, Wichert Akkerman <wichert@wiggy.net>, herbert@gondor.apana.org.au, Alexander Hvostov <alex@aoi.dyndns.org>, Daniel Pocock <daniel@pocock.com.au>, Russell Stuart <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, Christoph Martin <martin@uni-mainz.de>, Alexei Ustyuzhaninov <alust@UralskyGSM.com>, Marc Haber <mh+debian-bugs@zugschlus.de>, Anthony DeRobertis <anthony@derobert.net>, Jason Spence <jspence@lightconsulting.com>, Mike Fedyk <mfedyk@matchmail.com>, Luca Fornasari <luca.fornasari@easybit.it>, Torsten Knodt <tk-debian@datas-world.de>, Christian Perrier <bubulle@debian.org>, Luk Claes <luk.claes@ugent.be>, debian-devel@lists.debian.org
- Subject: Re: Freeswan in Debian, or: Why I am such a bad maintainer
- From: Nate Carlson <natecars@natecarlson.com>
- Date: Mon, 28 Jun 2004 08:33:58 -0500 (CDT)
- Message-id: <[🔎] Pine.LNX.4.58.0406280824200.27081@conformity.technicality.org>
- In-reply-to: <[🔎] 40E00DDA.3040807@gibraltar.at>
- References: <[🔎] 40E00DDA.3040807@gibraltar.at>
On Mon, 28 Jun 2004, Rene Mayrhofer wrote:
> 2. Add freeswan-nat, kernel-patch-freeswan-nat and
> freeswan-modules-source-nat packages which have the patch and remove the
> patch from the current packages. This is a) ugly and pollutes the
> package pool and b) would also require to split the patches.
Note that Openswan still needs NAT Traversal patches for NAT-T to work
with a stock 2.4 kernel; it may be nice to include a
kernel-patch-openswan-natt patch for those people who don't feel like
patching it by hand, and still want to use the openswan-modules-source
package.
> 3. Drop freeswan from Debian. As some might already guess, this is my
> preferred solution. Why ? We already have openswan and at the current
> state of development, I see no reason to support both.
Considering that freeswan is now unmaintained, this would certainly be my
preferred solution. It might be good, however, to wait until Openswan
2.2.x is in Debian before dropping freeswan - that way, people who rely on
AES and such will be able to keep using those features.
> Unfortunately, openswan currently does not have the alg patch and thus
> no AES etc. But in the development tree (2.2.x), AES is already
> included, so it is only a matter of time.
It's actually working very well in the development tree. CryptoAPI support
is also included again in HEAD. Not sure when the expected 2.2.x release
is, though.
Note that some future release of Openswan (either 2.2.x or 2.3.x, most
likely) will also support KLIPS on 2.6; the code is available and working
right now for everything but NAT Traversal. (I'm running it).
> I have been asked to also maintain strongswan. Besides the alg patch, I
> currently don't really see a reason for doing it. If some feature that
> is present in strongswan is needed, in my opinion it would be better to
> have it ported to openswan than to have both, which are very similar.
Agreed. Any important features from Strongswan should be ported rather
quickly to Openswan.
------------------------------------------------------------------------
| nate carlson | natecars@natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
Reply to: