On 23/11/14 20:49, Yegor Yefremov wrote:
> On Sat, Nov 22, 2014 at 12:57 PM, Gert Doering <g...@greenie.muc.de> wrote:
>> Hiya,
>>
>> On Sat, Nov 22, 2014 at 11:47:05AM +0100, Arne Schwabe wrote:
>>> Almost anybody always turns this feature on, at least all distribution
>>> have it on.
>>
>> Which is indeed a strong argument for removing the conditional... maybe
>> quickly discuss this ("anyone strongly opposed?") at the next meeting?
>
> Btw another mismatch:
>
> AC_ARG_ENABLE(
> [small],
> [AS_HELP_STRING([--enable-small], [enable smaller executable
> size (disable OCC, usage message, and verb 4 parm list)
> @<:@default=yes@:>@])],
> ,
> [enable_small="no"]
> )
That some features are disabled by default is not related to any kind of
"mismatch". First things first.
Regarding --enable-password-save, I don't see any reasons why we want to
change that. I don't buy the argument that "all distros do it", because
they already have added --enable-password-save in their build tools. In
fact, for those who depend on this being disabled by default may get a
bigger surprise if we change this default. And it's been off by default
since the beginning of OpenVPN, iirc, so this may have a bigger impact
than what we can foresee right now. Changing defaults are tricky,
especially when it comes to compile time options.
The only place this is enabled by default is on our Windows binary
builds, as it would be generally too much to ask Windows users to
rebuild OpenVPN themselves with this feature enabled + we had several
queries about this feature from Windows users. For non-Windows
environments, people are usually far more capable of building OpenVPN
themselves and if not, they can report this to the package maintainers
for their distros and they can decide whether this is a good idea or not
for their distro.
So I'm saying NACK on --enable-password-save unless I get a really good
argument why we need to change this default.
When it comes to --enable-small. I encourage you to try that on your
own box first and to see what happens with --help and the log files.
Further, go through the source code and look for #ifdef ENABLE_SMALL,
and you might get yourself a big surprise, especially when playing with
the --verb option in the config.
The --enable-small feature is here to reduce the size of the openvpn
binary by reducing information generally not found useful on embedded
systems - due to people configuring these systems generally have a
better understand of what they are doing and can do their testing on
systems without --enable-small. For "normal" users, it is generally far
better to have the "fatter" version of OpenVPN.
Please don't fall into the trap thinking that "everything should be
enabled by default". It's really not that simple.
--
kind regards,
David Sommerseth
