[Swan-dev] Regarding renaming ipsec.conf options

Paul Wouters paul at nohats.ca
Fri Apr 18 08:05:48 EEST 2014

On Fri, 18 Apr 2014, D. Hugh Redelmeier wrote:

> | There is no way we can obsolete keywords in two releases. That would be
> | in the order of months!
> Agreed.  What would be useful?  Two years?  Next major
> disruptive-already revision?  It would be good to make a promise to
> the users so that they can plan an orderly transition.

Well, unless we want to explain about RHEL7 libreswan versus our
libreswan for all those renames, you are looking at 5+ years :(

> Certainly things have been marked obsolete already without being
> ditched.

that has mostly been done in the last year.

> BTW, I just tried googling for nat_keepalive and got hits for
> nat-keepalive too.
> As I've posted, the naming of options really could and should be
> cleaned up.  But we can keep the old ones for some time.
> Simplicity is an esthetic value.  But it is not only an esthetic
> value.  It is also important for making the system understandable.
> That is absolutely critical.  The system is very far into the woods as
> far as simplicity is concerned.
> Things have been thrown into the code.  They really need to be
> organized to be coherent.  The bizarre collection of options related
> to NAT Traversal is perfect example.

But is that goal worth making all the existing configuration files and
documentation break in a few years? I don't know. I am not that bothered
by the option names as they are (but I created a bunch of them so I
might be biased)

> Good design can benefit from collaboration.  That's why I post what I'm
> hoping to do before I do it.  But you are often the only responder.  Too
> bad.

There are many more consumers than developers, as it too common with
open source software :(


More information about the Swan-dev mailing list