Might not be directly related, but just for a reference - one of the F26 Changes (currently deferred to F27) is doing the same for OpenLDAP: https://fedoraproject.org/wiki/Changes/OpenLDAPwithOpenSSL Regards, Jan On Wed, Apr 5, 2017 at 4:33 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: > On 04/05/2017 09:59 AM, Colin Walters wrote: >> >> >> On Wed, Apr 5, 2017, at 09:52 AM, Kamil Dudka wrote: >>> In order to make even smaller Fedora base images, it was proposed to switch >>> libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which >>> motivated the switch of libcurl from OpenSSL to NSS ten years ago, is now >>> deprecated and libcurl is the only package that pulls NSS as its dependency >>> into the Fedora base image. Hence, by switching libcurl back to OpenSSL, we >>> could create Fedora base image that contains fewer crypto libraries inside. >> >> Makes sense to me - from the Atomic Host perspective, we are switching >> ostree to use libcurl, since libdnf already does (and librepo hard depends >> on OpenSSL, even though libcurl used NSS). >> >>> Additional proposal that would help to reduce the size of base image is the >>> libcurl-minimal subpackage, which can be installed installed as a lightweight >>> replacement of the libcurl package, with smaller size and fewer dependencies. >> >> I'm in agreement with this except: >> >> # configure minimal build >> ... >> --without-nghttp2 >> >> I'd really prefer to keep HTTP2 available by default - it can be dramatically >> better. > > > I'll second this: it looks like libnghttp2 does not pull in any dependencies > that wouldn't already be part of any minimal install (just glibc and ld) and its > filesystem space is only about 150k uncompressed. > > It's probably reasonable to keep this in our minimal set for the HTTP2 > functionality. > > > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > -- Jan Kuřík Platform & Fedora Program Manager Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
