On Fri, Jul 05, 2002 at 02:04:31PM -0400, Jean-Luc Cooke wrote: > A very simple (distro-Agnostic) patch installer is in the works now. > Something akin to go-gnome.com's method. > > Speaking of which, can I get everyone's input on known crypto restrictions > and recommendations so this installer can help people comply with the laws > in their locality. > > Clemens, my suspicion that DEBs are better then RPMs is re-confirmed, good > work! Once the kerneli.org/go script-rules are ready (with your gracious > input) could you wrap it into a DEB? Sure, but I warn to start using different patch files for different legislations. A simple solution to prevent the patch file maintainance mess is to integrate the selection of legal ciphers/digests with the kernel Config.in mechanism. The go script would have to generate a source-able file (i.e. /etc/kernel-site.cfg) with a content like CONFIG_LEGAL_CIPHERS_STRONG=[y|n] CONFIG_LEGAL_CIPHERS_WEAK=[y|n] ... and so on This file would be "source"-ed by crypto's Config.in scripts, that select the allowed options based on the defined symbols. For deb packaging it'd be convienent to split the /etc/kernel-site.cfg generating part off the rest of the go script, since the deb packages don't need the rest of the patching mechanism. > The goals we're all striving for: > - make the cryptoapi installer part of standard distros (sans crypto) For the deb packages it'll be all or nothing ATM (in terms of source). Regards, Clemens
Attachment:
pgp00024.pgp
Description: PGP signature
