Re: Will OpenSSL's license change impact us?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Mar 25, 2017 at 10:52:47PM +0100, Ævar Arnfjörð Bjarmason wrote:

> > If we want to consider performance-related concerns, I think the easier
> > solution is using Nettle, which is LGPL 2.1.  Considering that the
> > current opinions for a new hash function are moving in the direction of
> > SHA-3, which Nettle has, but OpenSSL does not, I think that might be a
> > better decision overall.  It was certainly the implementation I would
> > use if I were to implement it.
> 
> Yeah there's a lot of options open for just sha1-ing, but we also use
> OpenSSL for TLS via imap-send.

These days imap-send has basically two implementations: one that speaks
imap itself (optionally using openssl), and one that just uses curl's
imap support.  If you build with NO_OPENSSL, the curl implementation
kicks in by default.

So I think any distro worried about licensing can just "make NO_OPENSSL"
today and get full functionality.

Curl may use openssl behind the scenes, of course, but distros already
have to deal with that (at least on Debian, you can drop-in gnutls).

-Peff



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]