Re: Freeswan in Debian, or: Why I am such a bad maintainer
- To: Rene Mayrhofer <rene.mayrhofer@gibraltar.at>
- Cc: Bastian Blank <waldi@debian.org>, Dominique Kaiser <dommi_s1@gmx.net>, Giacomo Mulas <gmulas@ca.astro.it>, Steven Augart <augart@watson.ibm.com>, Lupe Christoph <lupe@lupe-christoph.de>, Anthony DeRobertis <anthony@derobert.net>, Andrew Pimlott <pimlott@idiomtech.com>, herbert@gondor.apana.org.au, Alexander Hvostov <alex@aoi.dyndns.org>, Daniel Pocock <daniel@pocock.com.au>, Russell Stuart <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, Christoph Martin <martin@uni-mainz.de>, Alexei Ustyuzhaninov <alust@UralskyGSM.com>, Marc Haber <mh+debian-bugs@zugschlus.de>, Jason Spence <jspence@lightconsulting.com>, Mike Fedyk <mfedyk@matchmail.com>, Luca Fornasari <luca.fornasari@easybit.it>, Torsten Knodt <tk-debian@datas-world.de>, Christian Perrier <bubulle@debian.org>, Luk Claes <luk.claes@ugent.be>, debian-devel@lists.debian.org, Nate Carlson <natecars@natecarlson.com>
- Subject: Re: Freeswan in Debian, or: Why I am such a bad maintainer
- From: Wichert Akkerman <wichert@wiggy.net>
- Date: Mon, 28 Jun 2004 15:06:29 +0200
- Message-id: <[🔎] 20040628130629.GB9561@wiggy.net>
- Mail-followup-to: Wichert Akkerman <wichert@wiggy.net>, Rene Mayrhofer <rene.mayrhofer@gibraltar.at>, Bastian Blank <waldi@debian.org>, Dominique Kaiser <dommi_s1@gmx.net>, Giacomo Mulas <gmulas@ca.astro.it>, Steven Augart <augart@watson.ibm.com>, Lupe Christoph <lupe@lupe-christoph.de>, Anthony DeRobertis <anthony@derobert.net>, Andrew Pimlott <pimlott@idiomtech.com>, herbert@gondor.apana.org.au, Alexander Hvostov <alex@aoi.dyndns.org>, Daniel Pocock <daniel@pocock.com.au>, Russell Stuart <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, Christoph Martin <martin@uni-mainz.de>, Alexei Ustyuzhaninov <alust@UralskyGSM.com>, Marc Haber <mh+debian-bugs@zugschlus.de>, Jason Spence <jspence@lightconsulting.com>, Mike Fedyk <mfedyk@matchmail.com>, Luca Fornasari <luca.fornasari@easybit.it>, Torsten Knodt <tk-debian@datas-world.de>, Christian Perrier <bubulle@debian.org>, Luk Claes <luk.claes@ugent.be>, debian-devel@lists.debian.org, Nate Carlson <natecars@natecarlson.com>
- In-reply-to: <[🔎] 40E00DDA.3040807@gibraltar.at>
- References: <[🔎] 40E00DDA.3040807@gibraltar.at>
Previously Rene Mayrhofer wrote:
> Although I am a lot happier with the freeswan package now than I have
> been a year ago (it works at least out-of-the-box with standard Debian
> kernels, which is good(TM)), I am still unable to fix all possible
> combinations of freeswan and kernels.
As I undertand it Debian kernels now feature the Linux ipsec backport,
basically making the kernel-patch-freeswan stuff obsolete. So why not
simply just package the freeswan userland to use that? That should be
pretty simple.
> 3. Drop freeswan from Debian. As some might already guess, this is my
> preferred solution. Why ? We already have openswan and at the current
> state of development, I see no reason to support both. openswan is a
> direct spin-off of freeswan and is based on the current 2.04 freeswan
> code base.
Ah, if we already have OpenSwan dropping freeswan definitely seems a
good idea.
> Unfortunately, openswan currently does not have the alg patch and thus
> no AES etc.
3des is still the preferred algorithm so I don't see that being a real
problem.
> So I would like to hear from current freeswan users if they could switch
> to openswan right now and if not, what is missing. freeswan is dead, we
> need to face it.
I actually stopped using freeswan quite some time ago; I'm currently
using Linux 2.6 boxes with static keying. For critical stuff I'm not
even using Linux, I don't quite trust the ipsec support enough at the
moment.
Wichert.
--
Wichert Akkerman <wichert@wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Reply to: