Subject: Re: imap-uw package and SSL
To: NetBSD Packages Technical Discussion List <tech-pkg@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 08/15/2002 12:18:24
[ On Wednesday, August 14, 2002 at 05:51:57 (-0500), Frederick Bruckman wrote: ]
> Subject: Re: imap-uw package and SSL
>
> On Tue, 13 Aug 2002, Greg A. Woods wrote:
> 
> > + IMAP_UW_USE_SSL?=     YES
> > +
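Review bot: the added `IMAP_UW_USE_SSL?= YES` line has no comment saying why a default is assigned at this point. Because `?=` only takes effect when the variable is still unset, a one-line comment stating that it is a fallback for the unset case would make clear that it is not meant to override a value set elsewhere, and would make it easier to keep the two values in step.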
> 
> The policy is to set defaults in bsd.pkg.defaults.mk, or not at all,
> which is why I took the contrapositive of the natural logic.

Good point.

Of course in a properly consistent configuration the policy still is set
there.  This line is just there for defensive programming.

This is because I found in testing that if somehow the variable were not
to be set at all then the expressions using it would fail
catastrophically.  Perhaps there's a better way to write a "safe"
expression?

Obviously such an error would indicate someone's damaged the contents of
their bsd.pkg.defaults.mk file, but still it seems like the kind of
error users could easily cause and thus the kind I'd rather program
defensively to avoid.

> I'm not ready to tackle disabling it in the clients and testing all
> possible variations, though in light of recent events, perhaps that's
> not unreasonable. My thoughts when enabling SSL in lynx, libwww,
> imap-uw, et al. in the first place, were, that since it's part of the
> base system anyway, it shouldn't be any trouble. Maybe some committer
> who's running a platform that doesn't include openssl would like to
> take that up with you.

Indeed this mechanism I've been experimenting with is for use on my own
SSL-free host -- it just happens to be a really old NetBSD...  :-)

I think Rick's point about having certificates to use which are signed
by one of the mega-CAs recognized by default by the majority of
"commercial" software adds weight to the desire to have some flag to
more selectively control the addition of SSL support to any given
application.  I personally would rather have a web of trust that I as an
end user control, but I suppose the vast majority of hapless users
who've been stuck with IE or Netscape or the like on their desktops may
not agree, at least not at first glance.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>