[OpenAFS-devel] Building OpenAFS for Windows with Heimdal Compatibility

[Jeffrey Hutzelman]

--On Wednesday, September 29, 2010 03:13:03 PM -0400 Jeffrey Altman 
<jaltman@secure-endpoints.com> wrote:

> At the EuroAFS Conference in Pilsen,  Josh Howlett (JANET-UK) commented
> on the fact that without a modern supported GSS-API implementation on
> the Windows platform it would be impossible to support Project Moonshot.
>
>   http://afs2010.civ.zcu.cz/desc.php?name=moonshot
>
> The demand for a Windows implementation of GSS-API is clear.  If we do
> not have one, then we give up any ability to develop cross-platform
> applications and services that utilize the IETF standards for security.

I'm not sure how this is relevant to the question of whether we should be 
including copies of outside package SDK's in the OpenAFS source repository. 
In my opinion, the answer to that is quite clearly "no".  The OpenAFS 
source repository should contain the source for OpenAFS, period.  It should 
not contain the source for everything OpenAFS depends on (KfW SDK, bits of 
Heimdal, your compat SDK, etc), or everything you might want to deploy 
alongside OpenAFS (ntp), or everything you might want to use in managing or 
talking to OpenAFS (dumpscan, hostafs, various backup systems, etc etc etc 
etc etc).  It _certainly_ should not contain copies of things whose 
authoritative source is elsewhere, except when that is unavoidable (as for 
some of the Kerberos code in the kernel modules).


> Heimdal has its own repository and the Heimdal Compatibility SDK is a
> product of Secure Endpoints which has its own repository.  The question
> is not whether OpenAFS should become the upstream repository for Heimdal
> or the Compat SDK but whether OpenAFS should import the SDK from
> upstream as a means for distributing the OpenAFS approved version to
> developers.

And the answer is "no".


-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Carnegie Mellon University - Pittsburgh, PA