also sprach Herbert Xu <herbert@gondor.apana.org.au> [2003.10.03.1016 +0200]: > > I cannot disable IPsec at runtime as I cannot replace the IP stack > > at runtime, and it modifies the IP stack. Moreover, you state the > > The IPSEC stack does nothing unless you specify policies through > PFKEY or NETLINK. In other words, it is disabled by default. From glancing over the patch, it *also* replaces parts of the non IPsec i.e. standard IP stack. Maybe it provides the same functionality to the end user. It does *not* provide the same functionality to the developer. > > reason why you should not put IPsec in the kernel right there: > > "The presence of the patch should not prevent me from doing > > something that I would otherwise be able to do." Well, it does. > > It does not prevent you from doing anything with the *kernel > image* that you otherwise would be able to do. > > You argument fails even with the kernel source as the patch is > easily reversed. and if reversed, you loose the entire point of kernel-patch-debian -- security backports. Herbert, are you actually pretending to argue, or will simply slam every argument brought against you with a "fails this check, fails that check"? -- Please do not CC me when replying to lists; I read them! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, and user `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
pgpMkNn7NyfiT.pgp
Description: PGP signature