On Thu, 2008-10-09 at 15:45 +0400, Dmitry Butskoy wrote: > Addon of some extra functionality to NSS seems questionable as well. > Perhaps, in far future only. Unlike the OpenSSL and Gnutls, NSS seems > more stable, more tested, more certificated -- ie. more conservative. > Hence the support of some "corner" cases is not a primary goal. Usually these "corner cases" are just bad security practice, it is better if NSS keep you straight and does not let you mess with security related stuff. > BTW, in some areas OpenSLL looks more perspective. For example, Russia > have chosen other way for crypto in the state life -- so called GOST > instead of RSA. OpenSSL will start to support it since 0.9.9, plans of > NSS is unknown... As a result, the compulsion for NSS in Fedora can make > its usage impossible in the state organisations of some countries. Send inquiries to the NSS team about support of GOST in NSS then. > Another issue is license compatibility. Whilst OpenSSL is "widely used", > it can be considered as a "basic system application", hence programs may > link with it anyway (due to some exception in GPL etc...). After the > most of things will be switched to NSS, the OpenSSl itself will become > "an optional" instead of "system basic". The correspond exception in GPL > will not affect anymore, and the rest of GPL applications who still will > use OpenSSL will become illegal. Sorry but this is just legal mumbo-jumbo ... Simo. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
