Simon Wilkinson <[email protected]> writes: > What I'd like to propose is that we pull in release version of hcrypto > into src/thirdparty/hcrypto. The only commits that would be permitted > into this portion of the tree are ones which take hcrypto from a later > Heimdal release, and update our local copy. That is, any native > modifications we require to hcrypto would have to be made upstream.
This is definitely the approach that I support. From my perspective, it's very important that we don't get ourselves into maintaining our own crypto layer; we should just use someone else's. I like the idea of using Heimdal's because it's actively maintained and is already adapted for kernel use, and it has a community and usage with significant existence outside of OpenAFS, so it's unlikely that we'll get stuck having to maintain it down the road. Having the restriction that we don't maintain local patches is very important to avoid slipping into maintaining it ourselves. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
