Tobias Nygren <tnn%NetBSD.org@localhost> writes: > How about if bootstrap uses regular non-openssl tnftp, and we create a > separate "tnftp-ssl" package that avoids conflict with tnftp and can be > depended on later when the bootstrap is done? It would seem we can add a tnftp-nossl and point fetch to that (on other than NetBSD), if base system has no fetch at all. Then tnftp can be ssl always, and be used as the fetch client if the base system one isn't good enough. This would seem to meet Joerg's goal of not bloating bootstrap and your goal of having fetch work. I realize we tend not to want -nofoo, but it seems that in the modern world, an ftp/http client without TLS is more or less broken, so I think the unadorned name should have the ssl version.
Attachment:
pgpOgdsDAzw7r.pgp
Description: PGP signature