Hi, On 11/05/2010 03:36 PM, Diego Biurrun wrote:
On Fri, Oct 29, 2010 at 05:11:31PM +0300, Miika Komu wrote:(sorry for late reply due to the Nordsec 2010 conference which I was attending)npOn 10/27/2010 01:51 PM, Diego Biurrun wrote:What's with the top-posting all of a sudden? On Tue, Oct 26, 2010 at 10:30:23PM +0300, Miika Komu wrote:On 26/10/10 20:57, Diego Biurrun wrote:This thing is supposed to be infrastructure software that touches every single packet passing through a machine. For that it needs to become ultrafast and very reliable. At the moment it is neither.Not really all packets, just the HIP-related ones. Ultrafast and reliable calls for testing and performance optimization, not just polishing the code base.Precisely my point, HIPL still has a long way to go there. Let's not forget that it dabbles in cryptography, a field where it is frightfully easy to make important mistakes.
please elaborate? What is wrong with the crypto in HIPL?
I suggest we rethink if and how we split the HIPL binary packages. Is one monolithic package enough? Are hipd and hipfw independent enough to be separated?I think we should keep the current split with the packages because this is the way it works in most other standard packages and I assume we want HIPL to go into a mainstream linux distribution at some point.The thought of HIPL in widespread use scares me ;) Trolling aside, split packages make sense for large software packages or for minimal systems. Standard RPM/DEB packages of HIPL fall in neither category IMO.HIPL is not large, but we have needed just partial functionality of HIPL earlier. Splitting the packages was the most sensible way to me to avoid activating some parts of the software. The idea behind the minimal package is to provide minimal HIP functionality for the following cases: 1. Servers that don't need DNS proxy and hipfw 2. P2P-SIP over HIP prototype has it's own way of resolving HIs, no need for DNS proxy or the LSI support provided by hipfwOKAlso, P2P-SIP over HIP prototype used just a minimal installation of HIPL (libs + hipd), so there has been a prior need to select only certain parts of the software.But the "minimal" package is nonsense. It just depends on hipd and the tools, but the tools are hardly necessary for any installation, much less a minimal one."hipconf" is the one really needed from tools. Virtual packages are quite common.So would it make sense to keep hipconf in the hipd package?
Works for me.
I think there's not much benefit of merging the packages. For example, I see more benefit in migrating from the brittle debbuild script to a better way of handling the packaging (perhaps on a new branch). After all, it does not even work on Debian at moment...We should get rid of debbuild, yes. We already have Debian packaging in place, it just needs to be extended. But since we're overhauling the binary packaging infrastructure anyway, it makes sense to rethink now which parts of it are good and which need to be changed. Once we have the RPM infrastructure properly cleaned up, I will tackle the Debian packaging issue. Right now real Debian packaging stuff exists in the debian/ subdirectory, but it builds a single monolithic package.Go ahead with the monolithic package if you really believe it's the best way to go. However, you should then make sure to modify packaging correctly so that there is "Replaces: hipl-all, hipl-daemon, .." dependency included in the rpm and deb packaging. This way, we can ensure a flawless upgrade path from current split packages to the monolithic version. If there's naming changes in packaging, please remind me to update the installation instructions at hipl.hiit.fi.Good point, a smooth upgrade path is always nice. Please remind me of this should my scatterbrained self forget it.
Will do :)