[Swan-dev] Regarding renaming ipsec.conf options

D. Hugh Redelmeier hugh at mimosa.com
Fri Apr 18 07:37:36 EEST 2014


| From: Paul Wouters <paul at nohats.ca>

| On Fri, 18 Apr 2014, D. Hugh Redelmeier wrote:
| 
| >    - start a notional timer for the removal of the old spelling
| >      (two releases?)
| 
| There is no way we can obsolete keywords in two releases. That would be
| in the order of months!

Agreed.  What would be useful?  Two years?  Next major
disruptive-already revision?  It would be good to make a promise to
the users so that they can plan an orderly transition.

Certainly things have been marked obsolete already without being
ditched.  At least the manpage no longer suggests using them :-)
Unless I missed some uses (likely).

| While I'm less concerned about pluto options, as most people use our
| scripting and most people start pluto without options (using only
| --config /etc/ipsec.conf)
| 
| I'm very concerned with breaking keywords, especially for mostly esthetic
| reasons. It would break compatibility with openswan, making migration
| harder, make using the test harness with either openswan or libreswan
| harder, would invalidate all the documentation people wrote that google
| finds dysfunctional, etc. If we really want to rename ipsec.conf
| options, we need to carry over the old ones in a time period of years,
| not months.

Sure.

BTW, I just tried googling for nat_keepalive and got hits for
nat-keepalive too.

As I've posted, the naming of options really could and should be
cleaned up.  But we can keep the old ones for some time.

Simplicity is an esthetic value.  But it is not only an esthetic
value.  It is also important for making the system understandable.
That is absolutely critical.  The system is very far into the woods as
far as simplicity is concerned.

Things have been thrown into the code.  They really need to be
organized to be coherent.  The bizarre collection of options related
to NAT Traversal is a perfect example.

Here's a list of options from GNU programs (where the long option
processing comes from):
  <https://www.gnu.org/prep/standards/standards.html#Option-Table>
Lots of '-'; not one '_'.

================

Good design can benefit from collaboration.  That's why I post what I'm 
hoping to do before I do it.  But you are often the only responder.  Too 
bad.

