On Wed, Apr 05, 2017 at 03:52:22PM +0200, Kamil Dudka wrote: > In order to make even smaller Fedora base images, it was proposed to switch > libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which > motivated the switch of libcurl from OpenSSL to NSS ten years ago, is now > deprecated and libcurl is the only package that pulls NSS as its dependency > into the Fedora base image. Hence, by switching libcurl back to OpenSSL, we > could create Fedora base image that contains fewer crypto libraries inside. I'm just wondering, does this change anything from the security point of view? Has history shown one library to be better than the other, for instance in the number of important issues found in the TLS implementation? Also, wasn't there an issue with the OpenSSL's licensing and GPL? If it still is, could it affect any of the packages that are now using libcurl? -- Miroslav Lichvar _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
