--=-=-=
Content-Transfer-Encoding: quoted-printable


itojun@iijlab.net writes:

>>I'm fine with having kerberos 4 die now, and really, it should.
>
> 	so upgrade plan would be:
> 	- disable kerberos4 by default
> 	- import openssl 0.9.7b (or latest), with kerberos-and-ssl stuff
> 	  disabled.  shlib major bump.  kerberos portion would not build
> 	  for a while, i guess?

so, how do we deal with the api problem with openssl ?

keep old libdes and don't remove the compat glue (by defining
OPENSSL_DISABLE_OLD_DES_SUPPORT not including <openssl/des_old.h>) ?

> 	- massage kerberos5 portion to work with openssl 0.9.7

I've got a patch for this already, at least the kerberos lib part, but lots
of other code still uses the old des_ api.

Love

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (NetBSD)

iQIVAwUAPx0IkhZyDLTSep3UAQIQyw//UTgAHbcZpXO4qDe8jH9e5ytf/Lv4c846
U1nQsIoCm0UtSfAwV6bVkNRFo0oRUcD8cIhcY4ccFiVjlYokxJ0N6qkQAcE5Hem+
yqpq8Mo/KpuWDMRRo62kWApjBRUxyazGFH8wHotGYHU30Euj60t9IQc2D6NmPG0X
/hQBr502qAorsBGN75VRjvA5PthVrlI5OlnFpxJoiaoHinu18Rsz9AujxEX+2rtv
P+iYWIjJNxUtkUyb3FZ9vOZpmUvDj4J3rE7QlFdn7K0kqolLvD4CMjiTONGGsBYq
TFTFic0gqjcou/Odv/1W85Lg37YG5YNcGYdXMwhg1XTFEV5j4sYxkW9ql/yrTk4i
GNJZNp8qRk0gCSCmzO2macaqZmXvLMJjUw8BsSW5j7btgxOgBkevuaFvvOZIIMET
TXdZUaiCQa30DQITMSZIDac8DCS1uopqen6f9dSXlvkQA1WZ4GsFO+vSLjU5O/fm
yM0Aqb9zeQ8+EHDoBWwv9Ei4Q2I3OHitT4NwQrssD/AC2IIxzvKORkc9uKwDu4lf
krCbWDByMqMc0nqOof2zaU+CnXqtVqjg420lVJFYaa5SxuPa+veq07wWQGJ7ITV4
H2b/bIHzSelX8ArOsIbjlfSW1Y8qRZw5D+DQWI5ULvCaPrHhDRc/IJDjm3cnwXW8
24YrSp5cWVw=
=IAFh
-----END PGP SIGNATURE-----
--=-=-=--