16 Replies to “IPSEC out in DragonFly”

  1. You realize you are pointing at a code break over a decade old, correct?

  2. What is the currently recommended VPN solution for Dragonfly?

  3. OpenVPN works fine.
    I’m using it with a mix of DragonFly and Debian systems and even run a remote Elasticsearch node through an OpenVPN tunnel for what it is worth.

  4. Kk – I think there’s posts on the Digest historically where I’ve pointed at massive removals/streamlined code. Searching for it should turn up several.

  5. DragonFly is always removing older/deprecated code. It is definitely a feature.

  6. As for purging dead code, isn’t the source in Git, which would allow anyone to clone the repo and create pull requests? They may not get accepted, but I think that would be one way for folks to help purge dead code.

  7. @Tim

    Based on your numbers, OpenBSD and Dragonfly look quite impressive.

  8. OpenBSD is quite agressive with removing stuff that’s not maintained. They ripped out the entire Bluetooth stack, and as everyone knows they also forked OpenSSL and removed all the old crap (support for MS-DOS, etc.)

    They even came up with their own verb for that process: tedu (named after OpenBSD commiter Ted Unangst a.k.a. tedu).

    So you see many commits with a comment like this one:
    https://github.com/jyin0813/OpenBSD-src/commit/7a564f2764b903a744ee25715eded42615072bff

  9. @Anon

    That’s awesome they are that aggressive of removing the old and unmaintained.

    Would you consider OpenBSD the “most aggressive” at doing this out of all of the BSDs?

  10. DragonFly is probably as aggressive, although for different reasons. In OpenBSD they remove stuff that is not maintained because it’s a way to remove bugs, including security bugs; in DragonFly I think it’s more because it stands in the way of re-designing and improving the kernel.

    They have different priorities. While no one was maintaining IPsec in DragonFly, it’s well-maintained in OpenBSD (which was in fact the first open source OS to have an IPsec stack).

Comments are closed.