Subject: Re: IPSEC in GENERIC
To: None <tech-kern@netbsd.org>
From: Michael van Elst <mlelstv@serpens.de>
List: tech-kern
Date: 02/20/2006 21:55:40
jonathan@Pescadero.dsg.stanford.edu (Jonathan Stone) writes:

>Michael, I *do* control machines which run GENERIC kernels, I want
>to *keep* running GENERIC kernels, but I *do* want a way to turn off
>IPv6 on those machines *without* having to build custom kernels.

>Is any part of that hard to understand?  I'm not understanding
>why you don't understand it.

Indeed, that is very difficult to understand, because for you it
is very easy to build a custom kernel.


>>However, GENERIC is what gets installed initially, what might be the
>>only choice for some people and is necessarily the first choice for
>>newcomers. Having IPSEC there is worthwhile even when it spoils
>>benchmarks.

>Yes, those are precisely the sorts of reasons why detuning benchmark
>performance of GENERIC is widely regarded (by several senior NetBSD
>developers) as being a bad idea.  I recall there was quite a strong
>consensus on that, last time the issue came up.

Let me rephrase this with the words in my argument to make sure that
I understand your words correctly.

Making a GENERIC kernel support IPSEC initially is bad.
Making a GENERIC kernel for people useful that rely on the initial install is bad.
Making a GENERIC kernel as versatile as possible for newcomers is bad.
Making a GENERIC kernel that spoils benchmarks is bad.
And that is supported by several senior NetBSD developers.

Yes, that makes your point crystal clear. But I do not agree.

-- 
-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."