Re: IPSEC

To: Robert Millan <rmh@debian.org>
Cc: "debian-bsd@lists.debian.org" <debian-bsd@lists.debian.org>
Subject: Re: IPSEC
From: Steven Chamberlain <steven@pyro.eu.org>
Date: Wed, 25 Sep 2013 13:48:55 +0100
Message-id: <[🔎] 5242DBB7.6040504@pyro.eu.org>
In-reply-to: <[🔎] 5242D6CA.4070204@debian.org>
References: <[🔎] 523457A1.3090606@debian.org> <[🔎] 5242D6CA.4070204@debian.org>

On 25/09/13 13:27, Robert Millan wrote:
> Since we got no response from upstream, I would prefer if IPSEC support
> was archieved by providing a separate kernel flavour. Is that okay with you?

Yes that may be the best option currently.

But I wonder if it would become awkward if features are provided by
flavours.  Someday we could end up with e.g. 3x2x2 different flavours,
or have to offer the choice of one feature but not both together.

There's a similar situation with Xen HVM - the Debian Linux kernels
include full support for Xen PCI devices and paravirtualised device
drivers, but those are not enabled by default in upstream's GENERIC
config, only in a separate XENHVM config.

But IPSEC is unlikely needed in a Xen domU, because IPSEC could be more
effectively handled by the dom0, which has to be trusted anyway.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Reply to:

Follow-Ups:
- Re: IPSEC
  - From: Robert Millan <rmh@debian.org>
- Re: IPSEC
  - From: Benjamin Kaduk <kaduk@MIT.EDU>

References:
- IPSEC
  - From: Robert Millan <rmh@debian.org>
- Re: IPSEC
  - From: Robert Millan <rmh@debian.org>

Prev by Date: Re: IPSEC
Next by Date: Re: IPSEC
Previous by thread: Re: IPSEC
Next by thread: Re: IPSEC
Index(es):
- Date
- Thread