>> 	I've put a dummy function (which printf and abort) in place of idea/rc5
>> 	functions, into libcrypto.  if you link libcrypto_{idea,rc5} earlier
>> 	than libcrypto, you can override these dummy function with the real one.
>> 	in this way we won't change any ABI of libcrypto.  if some thirdparty
>> 	application tries to use idea/rc5 function without libcrypto_{idea,rc5}
>> 	they terminates by themselves.
>>
>> 	i don't think it is workable for package.
>Why not?

	I don't like shipping pkgsrc locally patched than minimal amount.
	it increases maintenance cost, adds delay in upgrade, and such.
	(even for base tree it is true, but base tree is easier to manage
	thanks to CVS)

>Well, I'd like to use netbsd's pkgsrc to make packages in a commercial
>product. Some of the packages I'm interested in use openssl, so I'd like
>to have the commercially-usable version. I also want to minimize drift
>between my pkgsrc and NetBSD's. When I suggested making an
>openssl-commercial, I was told instead to just rip out idea & rc5 instead.

	I vote for openssl-commercial.

>Also, I'm basing my decision to limit things to no-idea and no-rc5 on
>comments from the openssl web site. So while I'm not using a review from
>an in-house lawyer, I am going with what a lot of other folks are doing.
>:-)

	do you have any URLs for the "comments"?

itojun