On 04/05/2017 09:59 AM, Colin Walters wrote: > > > On Wed, Apr 5, 2017, at 09:52 AM, Kamil Dudka wrote: >> In order to make even smaller Fedora base images, it was proposed to switch >> libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which >> motivated the switch of libcurl from OpenSSL to NSS ten years ago, is now >> deprecated and libcurl is the only package that pulls NSS as its dependency >> into the Fedora base image. Hence, by switching libcurl back to OpenSSL, we >> could create Fedora base image that contains fewer crypto libraries inside. > > Makes sense to me - from the Atomic Host perspective, we are switching > ostree to use libcurl, since libdnf already does (and librepo hard depends > on OpenSSL, even though libcurl used NSS). > >> Additional proposal that would help to reduce the size of base image is the >> libcurl-minimal subpackage, which can be installed installed as a lightweight >> replacement of the libcurl package, with smaller size and fewer dependencies. > > I'm in agreement with this except: > > # configure minimal build > ... > --without-nghttp2 > > I'd really prefer to keep HTTP2 available by default - it can be dramatically > better. I'll second this: it looks like libnghttp2 does not pull in any dependencies that wouldn't already be part of any minimal install (just glibc and ld) and its filesystem space is only about 150k uncompressed. It's probably reasonable to keep this in our minimal set for the HTTP2 functionality.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
