openssh

Cejka Rudolf cejkar at dcse.fee.vutbr.cz
Mon Jul 10 17:22:20 CEST 2000


Ladislav Kostal wrote (2000/07/10):
> On Mon, 10 Jul 2000, Libor Kral wrote:
> > uplne nahodou jsem dnes cetl clanek na FreeBSD Diary
> > a ten mozna resi vas problem:
> > http://www.freebsddiary.org/crypto-break.html

Jo, src-crypto-rsa collection moc stastne reseni nebylo.
Nastesti ho zase dost rychle zrusili.

> Ale to je riesenie tiez pomocou cvs a make world. Ja hladam nieco
> jednoduchsie. Ako to ma potom nainstalovat zacinajuci uzivatel?

Je potreba vzit instalacni crypto baliky zkompilovane mimo
USA z ftp.internat.FreeBSD.org. Konektivita na tento server
je ovsem spatna, proto muzete vyuzit nas mirror ftp.cz.FreeBSD.org
(/pub/FreeBSD-intl/...), kde potrebne baliky jsou.

Pro povzbuzeni pro ty, kteri nesleduji anglicke konference:
FreeBSD ziskalo povoleni pro export crypto kodu a zvlastni
status ftp.internat.FreeBSD.org se tim rusi
(a 4.0-RELEASE je mozna posledni crypto-komplikovana release):

--

Subject: HEADS UP: Crypto changes coming soon

This announcement is primarily for FreeBSD committers, CVSup users,
and mirror sites.  Mark Murray will soon post a companion announcement
for CTM users.

As a consequence of recent relaxation in US export restrictions for
cryptography software, the FreeBSD project has obtained the necessary
permissions to export the crypto portions of its source tree.  This is
a welcome development, to say the least, and we are now ready to take
advantage of it.

In a nutshell, our plan is to fold the crypto files into the "src-all"
and "cvs-all" collections and eliminate the "cvs-crypto" collection
entirely.  Just to make this is perfectly clear, we will eliminate
the _collection_ only -- not the files it contains.  Those files will
simply become a part of "src-all" and "cvs-all".  These existing
crypto sub-collections:

    src-crypto
    src-eBones
    src-secure
    src-sys-crypto

will remain valid and unchanged, except that they will become
sub-collections of "src-all" instead of the soon-to-be-defunct
"cvs-crypto" collection.

As part of this process, the crypto files on internat.FreeBSD.org will
be synchronized with the now-unrestricted files on freefall.  After
this step there will no longer be any differences between the files on
the two machines, and internat will become just another mirror site
like all the others.

Neither mirror sites nor CVSup users need to do anything special to
prepare for this.  In fact, I strongly advise all of you to leave your
supfiles unchanged until the dust has settled.  When we eliminate the
"cvs-crypto" collection, you will start seeing warnings from CVSup
saying that collection doesn't exist.  These warnings will be harmless
and can safely be ignored.  By that time the files which formerly
belonged to "cvs-crypto" will be owned by "src-all" and "cvs-all".
They won't be deleted or changed.

Here is how we plan to proceed:

1. Impose an enforced freeze on all of the crypto files.

2. Synch up internat with freefall.

3. Absorb the crypto files into the "src-all" and "cvs-all"
collections, and eliminate the "cvs-crypto" collection.  At the same
time, temporarily orphan "src-crypto", "src-eBones", "src-secure", and
"src-sys-crypto" so that they are no longer treated as sub-collections
of "cvs-all".  This latter step will have no visible effect, except
that it will temporarily suppress cvsupd's mirror mode optimization
for the orphaned collections.  Mirror sites may see a slight increase
in load because of that, but it will last only a day or two.  I don't
expect the increased load to be significant, because the crypto
collections are relatively small.

4. Wait 24-48 hours to make sure these changes have propagated to the
mirrors.

5. Reparent "src-crypto", "src-eBones", "src-secure", and
"src-sys-crypto" so that they are considered to be sub-collections of
"src-all".  This will cause the mirror mode optimizations to kick in
again.

6. Lift the freeze.

After the freeze has been lifted and the dust has settled, you may
remove "cvs-crypto" from your supfiles if you wish.  There is no
urgency surrounding that; you'll merely get harmless warnings from
your CVSup updates until you do.

Finally, we will:

7. Update the cvsup-mirror port, sample supfiles, and other
documentation.

We planned this transition as carefully as we could, and we are
confident that it will go smoothly.  Should a few unforseen glitches
arise, please remain calm and rest assured that we perpetrators are
safe and sound in a well-concealed underground bunker where you will
never find us.

Your friendly source-meisters,
John Polstra, Peter Wemm, and Mark Murray

-- 
Rudolf Cejka   (cejkar at dcse.fee.vutbr.cz;  http://www.fee.vutbr.cz/~cejkar)
Brno University of Technology, Faculty of El. Engineering and Comp. Science
Bozetechova 2, 612 66  Brno, Czech Republic



More information about the Users-l mailing list