On Thu, 7 Sep 2000, Peter Wemm wrote:

> Mike Silbersack wrote:
> > Ok, now I have a question.  Using STARTTLS with sendmail is obviously OK
> > for us, since sendmail got the export liscense.  However, AFAIK, qmail and
> > postfix have obtained no such permission.
> 
> Postfix has done the BXA hoop thing too.  It is fully exportable (and
> reexportable) and has a TLS etc implementation.
> 
> Cheers,
> -Peter

Excellent, glad that 2/3 MTAs are done.

Now, on to qmail.  I'm assuming that Bernstein won't go through the hassle
of getting approval, especially since I don't know where the snuffle trial
is currently at in appeals.

However, the TLS patch for qmail at
http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch patches cleanly,
and works great.  Like OpenSSH / etc, it uses OpenSSL for all crypto work.

Which of the following options would be legal:

1.  Have the port fetch the patch from the .be site, patch qmail, and
finish building it.

2.  Include a (possibly modified) version of the patch in the ports tree,
which would be applied when building qmail.

(The port makefile would also wish to call the patched qmail makefile to
create a CA during the build process as well.  I'm not sure if that has
additional implications.)

I'm assuming #1's good, since that's how the OpenSSH port worked.  Would
#2 be any different?

Mike "Silby" Silbersack



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to