>>>>> "A" == A L M Buxey <[log in to unmask]> writes:
A> Hi,
>> I think it might be simpler if we did things as named policies
>> and left it up to people whether to integrate these named
>> policies into default/inner-tunnel or to generate their own
>> virtual servers.
A> you want this stuff to work and be adopted, right? there seem to
A> be only about a dozen people (well, based on the FR mailing
A> lists) that are able to configure a FR server with any complexity
A> in it. my proposal would deal with the other 99.90% of FR admins
A> - some of who are going to have this software forced onto them
A> and dont know any unix 101 :\
Yeah. and I think updates will be a lot easier if we give people a
policy file that they can just replace.
If you also want to give a moonshot server and moonshot-inner-tunnel
that calls that policy file, that seems like a fine approach.
However, some of the policy is complex enough that it's skirting the
boundary between configuration and software, and I think having the
kind-of-like-software bits isolated for easy update is important.
--Sam
|