
Re: Deprecating/removing racoon/ipsec-tools from Debian GNU/Linux and racoon from Debian/kfreebsd



* Noah Meyerhans <noahm@debian.org> [140405 00:06]:
> On Fri, Apr 04, 2014 at 12:59:35PM +1300, Matt Grant wrote:
> > 4) racoon/setkey are native IPSEC implementations across FreeBSD,
> > NetBSD, Mac OSX, and Linux, and thus having it available gives a 'just
> > works' IPSEC option. 

I must also add that "it really just works". In particular,
roadwarrior server-side setups are really easy to set up nowadays and
work very well.

> > My main concern as maintainer are the security issues, with an old code
> > base running as root.
> 
> The code base may be old, but it's pretty widely used and thus should
> have many eyes watching it. (I'm being optimistic, I know). The
> ipsec-tools mailing lists don't see a lot of activity, but they're by no
> means dead.  And there was just an upstream 0.8.2 release in February.

Can't really comment on security of a maybe old code base here, but
I had the feeling that at least Openswan was "more dead" than
racoon.

> > I am willing to co-maintain this package with other developers and
> > maintainers.  My belief is that there is likely a Debian kFreeBSD
> > developer/maintainer out there who would like to do this, and do a lot
> > of the work :-)
> 
> I'm happy to help maintain ipsec-tools, as I make regular use of it and
> have done so for several years. I'd also be supportive of removing it
> for jessie+1 based on your arguments for doing so. If that's the path
> taken, it'd be really good if we could document (and at least partially
> automate?) the migration path from racoon to the preferred alternatives.

I have no clue of kFreeBSD, but I'm using racoon on Linux. I'd offer
help if the goal would be to keep racoon.

  -ch

-- 
 ,''`.  Christian Hofstaedtler <zeha@debian.org>
: :' :  Debian Developer
`. `'   7D1A CFFA D9E0 806C 9C4C  D392 5C13 D6DB 9305 2E03
  `-
