Re: F26 System Wide Change: OpenSSL 1.1.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



BTW openssl changes.

Is it any official Fedora policy/call to move away from openssl?
I'm asking because I've noticed that some packages seems have been switched from openssl to gnutls.
Examples of those packages is wget:
* Tue Jul 26 2016 Tomas Hozza <thozza@xxxxxxxxxx> - 1.18-2
- Switched openssl to gnutls for crypto

Another package example which is is linked with gntls instead with openssl is lftp.

A the moment in Fedora is possible to use three types of SSL/crypto libraries: gnutls, openssl and nss.
Short test on my system:

$ for i in nss gnutls openssl-libs; do echo -n "$i ";  rpm -e $i 2>&1 | awk '{print $6}' | grep -v ^$i | sort | uniq | wc -l; done
nss 57
gnutls 33
openssl-libs 110

Result is that some applications on runtime are loading more than one of those libraries.
It would be good to form kind of official guidline about using those alternative libraries and start pushing to use only one.
In most of the cases is possible to choose between use openssl and gnutls on compile time. In case some packages some people prepared patches allowing to choose openssl instead gnutls.

Very similar situation is with expat vis libxml2. Biggest problem is with fontconfig which is used by few widely used packages used on desktop. Almost all GNOME source code is only developed to use libxml2 however using by those software fontconfig is causing that both xml parsing libraries are loaded into memory on runtime.
It is very good reason to choose libxml2 over expat which is lower memory consumption and some benchmarks shows that libxml2 is faster than expat.
Again some sample from my system:

$ for i in expat libxml2; do echo -n "$i ";  rpm -e $i 2>&1 | awk '{print $6}' | grep -v ^$i | sort | uniq | wc -l; done
expat 49
libxml2 144

This duality is causing loading both libraries in case for example apache web server with loaded php and xml php extension. Apache is using expat and php is using libxml2. Apache is especially messy because even in his own source tree some modules are/can using libxml2 and other only expat.

IMO where never is now possible to choose between expat and libxml2 IMO officially libxml2 should be used.
Actually in case of fontconfig switching to use libxml2 is very easy.All what needs to be done is add --enable-libxml2 --without-expat to configure options and switch in BuildRequires from expat-devel to libxml2-devel, bump release and push to rebuild package.

kloczek
-- 
Tomasz Kłoczko |  LinkedIn: http://lnkd.in/FXPWxH
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux