Re: CVS commit: wikisrc/projects/project

[Thomas Klausner <wiz%NetBSD.org@localhost>]

On Sun, Mar 18, 2012 at 02:51:11PM +0400, Aleksej Saushev wrote:
> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> 
> > On Sun, Mar 18, 2012 at 02:12:51PM +0400, Aleksej Saushev wrote:
> >> Thomas Klausner <wiz%NetBSD.org@localhost> writes:
> >> 
> >> > On Sun, Mar 18, 2012 at 03:33:06AM +0400, Aleksej Saushev wrote:
> >> >> "Bootstrapping" OpenSSL is part of problem, right.
> >> >> I still think that it would be much better if TLS was treated just like 
> >> >> curses:
> >> >> if a platform doesn't have it, that should be treated as an exception,
> >> >> rather than what we do now (treating all platforms like not having TLS 
> >> >> support).
> >> >
> >> > net/fetch on NetBSD does have TLS support by default...
> >> 
> >> Then we should make it default fetch method
> >
> > Fine with me, but ...
> >
> >> and stop using tricks when
> >> dealing with HTTPS sites.
> >
> > ... that still doesn't address the issue of non-NetBSD (in particular
> > non-openssl-in-base operating systems).
> >
> > I'm not yet sure how to solve this properly. Perhaps add an fetchs
> > package that's the same as fetch, but depends on openssl, make it the
> > default, but override it in openssl to use fetch instead.
> 
> In my opinion, TLS support should be default these days. Therefore
> non-TLS version should be exception, that is it should be something like
> "fetch-no-tls" vs "fetch" rather than "fetch" vs. "fetchs".

Fine with me, though I don't like the name "fetch-no-tls".

> As for "no-openssl-in-base", I don't see how it is different from how we
> handle curses currently. Bootstrapping procedure relies on its presense,
> we don't support it gracefully.

Just because other stuff is not done well doesn't mean that this
change shouldn't be done well.

My proposal above describes a better proposal. Of course, there might
still be better solutions, but adding a dependency on openssl in the
base system isn't one.
 Thomas