On 28.9.2016 16:13, Tomasz Kłoczko wrote:
BTW openssl changes. Is it any official Fedora policy/call to move away from openssl? I'm asking because I've noticed that some packages seems have been switched from openssl to gnutls. Examples of those packages is wget: * Tue Jul 26 2016 Tomas Hozza <thozza@xxxxxxxxxx <mailto:thozza@xxxxxxxxxx>> - 1.18-2 - Switched openssl to gnutls for crypto Another package example which is is linked with gntls instead with openssl is lftp. A the moment in Fedora is possible to use three types of SSL/crypto libraries: gnutls, openssl and nss. Short test on my system: $ for i in nss gnutls openssl-libs; do echo -n "$i "; rpm -e $i 2>&1 | awk '{print $6}' | grep -v ^$i | sort | uniq | wc -l; done nss 57 gnutls 33 openssl-libs 110
I do not think we are going to drop any of these three tls/crypto libraries from Fedora (and RHEL) in foreseeable future. So there is no point in forcibly switching applications to particular one.
My personal recommendation would be to follow the application's upstream recommendation.
What we should strive for is to limit the use of crypto to one of these three libraries and avoid any additional ones with exception of libgcrypt for gnupg2.
Tomas Mraz _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
