On Wednesday, April 05, 2017 17:09:34 Jan Kurik wrote: > Might not be directly related, but just for a reference - one of the > F26 Changes (currently deferred to F27) is doing the same for > OpenLDAP: https://fedoraproject.org/wiki/Changes/OpenLDAPwithOpenSSL I have prepared a draft of the change proposal. Could you please have a look? https://fedoraproject.org/wiki/Changes/libcurlBackToOpenSSL Thanks in advance! Kamil > Regards, > Jan > > On Wed, Apr 5, 2017 at 4:33 PM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: > > On 04/05/2017 09:59 AM, Colin Walters wrote: > >> On Wed, Apr 5, 2017, at 09:52 AM, Kamil Dudka wrote: > >>> In order to make even smaller Fedora base images, it was proposed to > >>> switch > >>> libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which > >>> motivated the switch of libcurl from OpenSSL to NSS ten years ago, is > >>> now > >>> deprecated and libcurl is the only package that pulls NSS as its > >>> dependency > >>> into the Fedora base image. Hence, by switching libcurl back to > >>> OpenSSL, we could create Fedora base image that contains fewer crypto > >>> libraries inside.>> > >> Makes sense to me - from the Atomic Host perspective, we are switching > >> ostree to use libcurl, since libdnf already does (and librepo hard > >> depends > >> on OpenSSL, even though libcurl used NSS). > >> > >>> Additional proposal that would help to reduce the size of base image is > >>> the > >>> libcurl-minimal subpackage, which can be installed installed as a > >>> lightweight replacement of the libcurl package, with smaller size and > >>> fewer dependencies.>> > >> I'm in agreement with this except: > >> > >> # configure minimal build > >> ... > >> > >> --without-nghttp2 > >> > >> I'd really prefer to keep HTTP2 available by default - it can be > >> dramatically better. > > > > I'll second this: it looks like libnghttp2 does not pull in any > > dependencies that wouldn't already be part of any minimal install (just > > glibc and ld) and its filesystem space is only about 150k uncompressed. > > > > It's probably reasonable to keep this in our minimal set for the HTTP2 > > functionality. > > > > > > _______________________________________________ > > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
