need to do this.

if so gcc3 should create them itself.

that direclty uses /etc/ssl/{,private} by default. Adapt the httpd.conf example
accordingly.
ok florian@ benno@ millert@

Do it now deraadt@

checks for the correct mode/ownership.
prodded by ajacoutot@

/root/.ssh/authorized_keys file with correct permissions (0600 for the
file, 0700 for /root/.ssh dir). Since we encourage administrators to use
public keys only if they want to access root account via ssh, might
aswell make it easier, this will be particularly useful in
managed/provisioned environments (think ansible & others).
Note that administrators might get an e-mail from security(8) if the
file suddenly appears after an update - this is of course expected :)
ok tb@ sthen@ rpe@ ajacoutot@

OK tb@

ok natano

/var/db/acpi directory. Later sendbug(1) will use this data in
bug reports. That directory is created by mtree.
idea from and OK deraadt
OK kettenis

ok deraadt@ sthen@ florian@

while here, remove the comment for man6, according to ingo's system...

before descending, after ascending, but not around single-subdir dirs

OK many

shortly when we use the hardware thread register in userland

workarounds.  Some of them will soon stand in the way of armv7.
Off to the attic you go.

ok jung@ (some time ago) phessler@

hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis

CUPS wants it to be a symlink, and that is probably the most common
printing system.  Bad idea to constantly spam everybody about that!
Antoine already adjusted the file permissions in pkg/cupsd.rc rev. 1.24.
OK ajacoutot@  (print/cups MAINTAINER).

lots of agreement.

won't complain in the daily(8) mail.
ok ajacoutot@

Add /var/spool/output/lpd to mtree(1).
This removes the ability for the daemon group to write directly under
/var/spool/output; though no breakage is expected since this directory was only
supposed to contain line printer spooling directories.
ok sthen@

the doas program itself will refuse to use an insecure config file.
(changelist will continue to watch for changes, as well.)

creating the directory /usr/share/nls.  Having a non-existing default
path in catopen(3) does not make sense, so remove it.  If the user
does not specify a NLS path, better fail early than fail because
of an empty directory.  Remove path form hier(7).
OK stsp@ schwarze@ jmc@

ok gilles@

requested by several
discussed with deraadt@

to hook the rc script and modify etc/rc.conf to make it disable by
default.  Also add an entry for /etc/radiusd.conf to etc/changelist
and etc/mtree/special.
ok deraadt

server and radiusctl(8) is to control the server.  radiusd(8) currently
supports bsdauth and radius (upstream radius servers) as authentication
backends.
fixes from jsg blambert
ok deraadt

ok henning@ gilles@ deraadt@

subdirectories (/var/nsd/zones/{master,slave}) and create these in mtree.
Nearly everybody that uses NSD for slave zones that I talked to already has
this layout. Bikesh^Wdiscussed with ajacoutot florian millert and others.
ok ajacoutot@ florian@ phessler@ claudio@ jung@

often space-constrained /var filesystem was a historical mistake.  There
are big implications for the daemons which assume they won't run out of
space, and this is a first step towards trying to improve the situation.
Move /tmp to the same 7-day expiration rules that /var/tmp had.
vi.recover works just as well as before, except on memory filesystems;
indicating that vi should be repaired to write files into homedirs or
something.
done with rpe
ok many

ok matthieu@

ok matthieu@