[Swan-dev] Regarding renaming ipsec.conf options

Tuomo Soini tis at foobar.fi
Fri Apr 18 22:17:54 EEST 2014

On Fri, 18 Apr 2014 01:05:48 -0400 (EDT)
> But is that goal worth making all the existing configuration files and
> documentation break in a few years? I don't know. I am not that
> bothered by the option names as they are (but I created a bunch of
> them so I might be biased)
> > Good design can benefit from collaboration.  That's why I post what
> > I'm hoping to do before I do it.  But you are often the only
> > responder.  Too bad.
> There are many more consumers than developers, as it too common with
> open source software :(

Only way for us to obsolete old configuration variables is to make sure
NONE of our current documentation uses those. That's the only way.
After line 5+ years old options can possibly be dropped. But I really
see merit in makin all "_" translated to "-" - we just must make sure
old options will work for years.

This is something like obsoleted keylife option. This was obsoleted at
very beginning of openswan-2.6.x series but it's still heavily used
because it's used in documentation a lot.

For example ikelifetime= section in man page points to keylife and not
salifetime as it should - To obsolete a keywaord we must just clearly
point out "You should not use this obsoleted keyword which might stop
working in future releases."

There is no other way to obsolete configuration variables.

Add new variable to documentation, and use new variable all over the

Add old variable to documentation and list it as obsoleted, don't use
this any more, use this new variable instead - this must also be in
documentation so people know to change their configuration.

DHR: go for it, using consistent style for all config variables is very
good thing.

More information about the Swan-dev mailing list