[OpenAFS-devel] A crypto layer for OpenAFS

[Russ Allbery]

Simon Wilkinson <sxw@inf.ed.ac.uk> writes:

> What I'd like to propose is that we pull in release version of hcrypto
> into src/thirdparty/hcrypto. The only commits that would be permitted
> into this portion of the tree are ones which take hcrypto from a later
> Heimdal release, and update our local copy. That is, any native
> modifications we require to hcrypto would have to be made upstream.

This is definitely the approach that I support.  From my perspective, it's
very important that we don't get ourselves into maintaining our own crypto
layer; we should just use someone else's.  I like the idea of using
Heimdal's because it's actively maintained and is already adapted for
kernel use, and it has a community and usage with significant existence
outside of OpenAFS, so it's unlikely that we'll get stuck having to
maintain it down the road.  Having the restriction that we don't maintain
local patches is very important to avoid slipping into maintaining it
ourselves.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>