What needs to be done to get the FreeS/WAB KLIPS (kernel IPSEC)
patches into the standard kernel distribution? Or should the target
be a KLIPS module that plugs cleanly into a standard kernel? What
about the encrypting file system stuff?
My understanding that one of the potential problems is that the
Free S/WAN folks wanted to make it be the case that *no* changes be made
to the KLIPS code once it was merged into the kernel. This is a
complete non-starter, since kernel developers need to be able to make
interface changes, and then sweep through the KLIPS code to fix the code
to use the new kernel interfaces.
If it is the case that the KLIPS code must not be touched except by the
Free S/WAN folks, I have a hard time believing that Linus or the other
kernel developers would find that to be an acceptable state of affairs.
If the main reason behind this refusal to allow anyone outside of Canada
from touching the KLIPS code is paranoia about the U.S. and Canada
export control regimes, my advice would be to not worry about it. If
the U.S. crypto iron curtain lowers again, and Canada gets wussy and
decides to aid and abet the U.S. government, people can continue to do
the KLIPS development in some country that's outside the U.S.-enforced
crypto-iron curtain --- like Germany, or Australia, or Ireland, or any
number of other countries.
So FreeS/WAN is being very careful to ensure that US law clearly
does not apply. We won't even take a one-line bug fix from an
American, though we happily accpet problem reports.
I personally think if you want to enforce this restriction on code which
is going to be folded into the Linux kernel, that it will be a complete
non-starter.
- Ted
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/