From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 11217 invoked from network); 2 Jun 2021 12:20:56 -0000 Received: from 1ess.inri.net (216.126.196.35) by inbox.vuxu.org with ESMTPUTF8; 2 Jun 2021 12:20:56 -0000 Received: from mimir.eigenstate.org ([206.124.132.107]) by 1ess; Tue Jun 1 18:05:05 -0400 2021 Received: from abbatoir.myfiosgateway.com (pool-74-108-56-225.nycmny.fios.verizon.net [74.108.56.225]) by mimir.eigenstate.org (OpenSMTPD) with ESMTPSA id e67ff5c7 (TLSv1.2:ECDHE-RSA-AES256-SHA:256:NO) for <9front@9front.org>; Tue, 1 Jun 2021 15:04:50 -0700 (PDT) Message-ID: <5F7711CA8F306CEE2733FB084BD89400@eigenstate.org> To: 9front@9front.org Date: Tue, 01 Jun 2021 15:04:49 -0700 From: ori@eigenstate.org In-Reply-To: <05B34B036B7AB83D8B159A53FED697A6@felloff.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: converged storage Subject: Re: [9front] ssl deprecation Reply-To: 9front@9front.org Precedence: bulk Quoth cinap_lenrek@felloff.net: > and what todo with pushssl(2) and cpu(1), import(4) and oexportfs(4)? the patch deleting obsolete algorithms also kills it: char *ealgs = "rc4_256 sha1"; so unnice, we killed it twice. > if you kill devssl, you break any remoting supporting with inferno and > classic plan9. > > i wanted to kill it along time ago especially as devssl had kernel > crash bugs. but you need to explain the consequences of your changes > clearly and stand the discussion with people wanting to run 9front > together with inferno and labs plan9 installations. I took a bit of time to look at this; it looks like it'd be a small patch to use devssl or devtls. maybe it's time to tell people that they need to apply a patch? echoline has been messing around with porting dp9ik, to 9legacy -- maybe that's another option? not sure if there are really other options long term p9sk1/cpu auth is getting moldy and worm-eaten, and requiring us to keep around code that should really be dead.