linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Configuration help texts for IPsec
@ 2003-11-15 15:08 Wilmer van der Gaast
  2003-11-17 14:49 ` James Morris
  0 siblings, 1 reply; 7+ messages in thread
From: Wilmer van der Gaast @ 2003-11-15 15:08 UTC (permalink / raw)
  To: linux-kernel

[-- Attachment #1: Type: text/plain, Size: 643 bytes --]

Hi,

In the 2.6 kernel configuration, the help texts for all the
IPsec-related options say "Say Y unless you know what you are doing.".
Looks fine for people who applied the IPsec patch to a kernel which
comes without it, but now that it's in stock, it's probably not very
useful to force all users to use IPsec.

Just FYI,


Wilmer van der Gaast.

-- 
+-------- .''`.     - -- ---+  +        - -- --- ---- ----- ------+
| lintux : :'  :  lintux.cx |  | OSS Programmer   www.bitlbee.org |
|   at   `. `~'  debian.org |  | www.algoritme.nl   www.lintux.cx |
+--- -- -  ` ---------------+  +------ ----- ---- --- -- -        +

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Configuration help texts for IPsec
  2003-11-15 15:08 Configuration help texts for IPsec Wilmer van der Gaast
@ 2003-11-17 14:49 ` James Morris
  2003-11-17 14:57   ` Wilmer van der Gaast
  0 siblings, 1 reply; 7+ messages in thread
From: James Morris @ 2003-11-17 14:49 UTC (permalink / raw)
  To: Wilmer van der Gaast; +Cc: linux-kernel

On Sat, 15 Nov 2003, Wilmer van der Gaast wrote:

> IPsec-related options say "Say Y unless you know what you are doing.".
> Looks fine for people who applied the IPsec patch to a kernel which
> comes without it, but now that it's in stock, it's probably not very
> useful to force all users to use IPsec.

Nobody is being forced to use it: the advice is provided to help people 
get IPsec working properly.


- James
-- 
James Morris
<jmorris@redhat.com>



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Configuration help texts for IPsec
  2003-11-17 14:49 ` James Morris
@ 2003-11-17 14:57   ` Wilmer van der Gaast
  2003-11-17 15:07     ` Valdis.Kletnieks
  0 siblings, 1 reply; 7+ messages in thread
From: Wilmer van der Gaast @ 2003-11-17 14:57 UTC (permalink / raw)
  To: James Morris; +Cc: linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1241 bytes --]

James Morris (jmorris@redhat.com) wrote:
> > IPsec-related options say "Say Y unless you know what you are doing.".
> > Looks fine for people who applied the IPsec patch to a kernel which
> > comes without it, but now that it's in stock, it's probably not very
> > useful to force all users to use IPsec.
> Nobody is being forced to use it: the advice is provided to help people 
> get IPsec working properly.
> 
Yes, very true. But now that the patch is in 2.6 by default, I think the
situation changes.

Just imagine a person who doesn't even know what IPsec is, trying to
configure a 2.6 kernel. "IP: AH tranformation.. What's that? Let's check
the help page. Oh, it says I should just say Yes. Okay, let's do that."

Shouldn't the text "If unsure, say Y." be more like "If you want to use
IPsec, you need this."? Possibly with an addition like "If you don't
know what IPsec is, you don't need it."?


Greetings,

Wilmer v/d Gaast.

-- 
+-------- .''`.     - -- ---+  +        - -- --- ---- ----- ------+
| lintux : :'  :  lintux.cx |  | OSS Programmer   www.bitlbee.org |
|   at   `. `~'  debian.org |  | www.algoritme.nl   www.lintux.cx |
+--- -- -  ` ---------------+  +------ ----- ---- --- -- -        +

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Configuration help texts for IPsec
  2003-11-17 14:57   ` Wilmer van der Gaast
@ 2003-11-17 15:07     ` Valdis.Kletnieks
  2003-11-20  0:45       ` Eric Sandall
  2003-12-14 15:55       ` Florian Weimer
  0 siblings, 2 replies; 7+ messages in thread
From: Valdis.Kletnieks @ 2003-11-17 15:07 UTC (permalink / raw)
  To: Wilmer van der Gaast; +Cc: James Morris, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 447 bytes --]

On Mon, 17 Nov 2003 15:57:23 +0100, Wilmer van der Gaast said:

> Shouldn't the text "If unsure, say Y." be more like "If you want to use
> IPsec, you need this."? Possibly with an addition like "If you don't
> know what IPsec is, you don't need it."?

A lot of people don't have the foggiest idea what IPsec is, but do
know they're trying to use a VPN.  Probably need to include that in there,
if you're trying to do anything with the help text.

[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Configuration help texts for IPsec
  2003-11-17 15:07     ` Valdis.Kletnieks
@ 2003-11-20  0:45       ` Eric Sandall
  2003-12-14 15:55       ` Florian Weimer
  1 sibling, 0 replies; 7+ messages in thread
From: Eric Sandall @ 2003-11-20  0:45 UTC (permalink / raw)
  To: Valdis.Kletnieks; +Cc: Wilmer van der Gaast, James Morris, linux-kernel

Quoting Valdis.Kletnieks@vt.edu:
> On Mon, 17 Nov 2003 15:57:23 +0100, Wilmer van der Gaast said:
> 
> > Shouldn't the text "If unsure, say Y." be more like "If you want to use
> > IPsec, you need this."? Possibly with an addition like "If you don't
> > know what IPsec is, you don't need it."?
> 
> A lot of people don't have the foggiest idea what IPsec is, but do
> know they're trying to use a VPN.  Probably need to include that in there,
> if you're trying to do anything with the help text.

Agreed with both of the above, as many people don't need IPsec, so why should
they be incouraged (or rather, told to use) IPsec (note that the knowledgable
ones will probably know that they /don't/ need it, and so remove it, but that's
my point ;)).

-sandalle

-- 
PGP Key Fingerprint:  FCFF 26A1 BE21 08F4 BB91  FAED 1D7B 7D74 A8EF DD61
http://search.keyserver.net:11371/pks/lookup?op=get&search=0xA8EFDD61

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/E/IT$ d-- s++:+>: a-- C++(+++) BL++++VIS>$ P+(++) L+++ E-(---) W++ N+@ o?
K? w++++>-- O M-@ V-- PS+(+++) PE(-) Y++(+) PGP++(+) t+() 5++ X(+) R+(++)
tv(--)b++(+++) DI+@ D++(+++) G>+++ e>+++ h---(++) r++ y+
------END GEEK CODE BLOCK------

Eric Sandall                     |  Source Mage GNU/Linux Developer
eric@sandall.us                  |  http://www.sourcemage.org/
http://eric.sandall.us/          |  SysAdmin @ Inst. Shock Physics @ WSU
http://counter.li.org/  #196285  |  http://www.shock.wsu.edu/

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Configuration help texts for IPsec
  2003-11-17 15:07     ` Valdis.Kletnieks
  2003-11-20  0:45       ` Eric Sandall
@ 2003-12-14 15:55       ` Florian Weimer
  2003-12-14 21:13         ` coderman
  1 sibling, 1 reply; 7+ messages in thread
From: Florian Weimer @ 2003-12-14 15:55 UTC (permalink / raw)
  To: Valdis.Kletnieks; +Cc: Wilmer van der Gaast, James Morris, linux-kernel

Valdis.Kletnieks@vt.edu wrote:

> A lot of people don't have the foggiest idea what IPsec is, but do
> know they're trying to use a VPN.  Probably need to include that in there,
> if you're trying to do anything with the help text.

A pointer to the preferred set of userland tools would be appreciated.
Is <http://www.ipsec-howto.org/> up-to-date?

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: Configuration help texts for IPsec
  2003-12-14 15:55       ` Florian Weimer
@ 2003-12-14 21:13         ` coderman
  0 siblings, 0 replies; 7+ messages in thread
From: coderman @ 2003-12-14 21:13 UTC (permalink / raw)
  To: linux-kernel

Florian Weimer wrote:

>Valdis.Kletnieks@vt.edu wrote:
>  
>
>>A lot of people don't have the foggiest idea what IPsec is, but do
>>know they're trying to use a VPN.  Probably need to include that in there,
>>if you're trying to do anything with the help text.
>>    
>>
>
>A pointer to the preferred set of userland tools would be appreciated.
>Is <http://www.ipsec-howto.org/> up-to-date?
>  
>

For the FreeS/WAN 2.4 branch (do people use it in 2.6?):
    http://www.freeswan.ca/docs/

and with windows:
    http://www.jacco2.dds.nl/networking/freeswan-l2tp.html


And 2.6 with racoon:
    http://lartc.org/howto/lartc.ipsec.html  (chapter 7)


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2003-12-14 21:13 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-11-15 15:08 Configuration help texts for IPsec Wilmer van der Gaast
2003-11-17 14:49 ` James Morris
2003-11-17 14:57   ` Wilmer van der Gaast
2003-11-17 15:07     ` Valdis.Kletnieks
2003-11-20  0:45       ` Eric Sandall
2003-12-14 15:55       ` Florian Weimer
2003-12-14 21:13         ` coderman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).