On 7/2/2012 11:42 AM, tibir wrote: > I was referring to adding feature. You already have a lot of packages, > or lets call them services that are "integrated" into pfSense. (so they > are part of the basic, like openvpn, dhcp server, ...)There could have > been a DHCP Server package to add, but instead you integrated it > directly. I've spoken about Squid or Snort but that doesnt means "I > would like you to integrated these packages as-is". I meant "I would > like you to intergate a HTTP Proxy and an IDS/IPS function". Then > whatever the software you plan to use or the way you > install/pre-configure it, I just need to care about what it does and > which options are offered to me through the GUI. > Hopefully you understand the shade between both approach. > I know large network tend to keep things separated (and I do agree with > that), but for SOHO or SMB, that's not always feasable. Moreover like > you said the status of packages is not really accurate and we dont > really know whether they are maintained or not.
The things in the base system are there because they are a good compromise between features and stability. They don't change much, and they provide a service everyone wants. Things like snort, squid, etc are very much a moving target and would need near-constant updates that would require firmware updates if they were in the base system, or a complete redesign of the update system to handle. Plus pulling them in would vastly increase the workload on us, the build system, etc, etc. It's just not worth it on -any- level. Packages are where those things belong. > I you really dont want put more into pfSense, I believe the option to > have the "official/supported" packages list separated from the > "unofficial/unsupported" ones, right from the Packages Installer menu, > would be a good option. I'm not sure if they will get separate tabs, but there will eventually be some notation on the page to distinguish them. For the most part we try to support even more packages than we claim as maintainers, but of course we can't do them all perfectly. Sometimes we can at least test/confirm issues and act as a liaison to the actual maintainer where possible. > Btw no comment about identity-based and application awareness, shall I > understand it's on the way ? ;-) Or that it's being ignored entirely as not feasible/desirable. :-) Jim _______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
