Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
Symlink dereference fix for Linux broke the build there; corrected.
Fix issues on ancient FreeBSD, QNX, ancient NetBSD and Minix.
Improved reliability of hash function detection.
- Fix NULL deference for short self-extracting zip archives
- Don't dereference symlinks on Linux when reading ACLs
- Better detection of SHA2 support for old OpenSSL versions
- Fix parsing of input files for bsdtar -T
- Do not leak setup_xattr into the global namespace
- Fix build when an older libarchive is already installed
- Use O_BINARY opening files in bsdtar
- Include missing archive_crc32.h
- Correctly include iconv.h required by libxml2
- Infrastructure:
- Allow command line tools as fallback for missing compression
libraries. If compiled without gzip for example, gunzip will
be used automatically.
- Improved support for a number of platforms like high-resolution
timestamps and Extended Attributes on various Unix systems
- New convience interface for creating archives based on disk content,
complement of the archive_write_disk interface.
- Frontends:
- bsdcpio ready for public consumption
- hand-written date parser replaces the yacc code
- Filter system:
- Simplified read filter chains
- Option support for filters
- LZMA, XZ, uudecode handled
- Format support:
- Write support for mtree files based on file system or archive
content
- Basic read support for Joliet
- Write support for zip files
- Write support for shar archives, both text-only and binary-safe
