build time options

Sam Hartman hartmans at MIT.EDU
Fri Jan 30 16:14:58 EST 2009

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> On Fri, Jan 30, 2009 at 03:03:59PM -0500, Sam Hartman
    Nicolas> wrote:
    >> >>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
    Tom> * Implement the "allow_weak_crypto" libdefault setting.  I
    Tom> was leaning in favor of "false" but recent discussion of the
    Tom> transition issues is calling that into question.  Unless I
    Tom> hear strong objections, I will assert that defaulting to
    Tom> "false" is acceptable for the alpha release and am willing to
    Tom> reconsider prior to final release.
    >>  I strongly object to this unless you meet Ken's documentation
    >> constraints.

    Nicolas> I also object unless the default is a build-time option.
    Nicolas> We would like to eventually get to where we do code drops
    Nicolas> from MIT, but we might need to make changes that can be
    Nicolas> seen as incompatible at potentially different times than
    Nicolas> MIT.

I agree that MIT's recent tendency to introduce vendor-specific code
with a bunch of build-time defines would be compatible with this.

I'd like to start a discussion of that practice.  I understand the
desire to minimize patches.  However I think it would be a good idea
to get some guidelines for when we accept build-time options and for
when we tell people to go maintain a patch.


More information about the krbdev mailing list