between action and name. Use this table as the example for populating by npfctl.
Drop the int-block table, it's quite cumbersome to have a firewall which
needs the internal network lists added if reboot. Use the localnet variable to
indicated which network we should pass in traffic from instead.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
Changes:
- The open flag: sqlite.OPEN_CREATE will open the DB for reading and
writing, adding sqlite.OPEN_READWRITE to sqlite.OPEN_CREATE will cause
the DB to not be created and prevent the script from continuing
- When using stmt:bind_parameter_index() the parameter needs to be
prefixed with ':' if that was used in the prepared statement,
otherwise the incorrect index of 0 is returned.
- The drop table statement has an "x" appended to the table name, looks
like a typo.
Patch by Travis Paul
Closes PR misc/50493
on startup
- create share/examples/wpa_supplicant/wpa_supplicant.conf and make it
known in the relevant places. Improvements welcome, my point was
ctrl_interface and "you seriously want this"
jmcneill