On Wed, Jul 06, 2022 at 10:45:06AM +0200, Ævar Arnfjörð Bjarmason wrote:

> Would it be viable / at all sane to embed the part of the library we
> need in our sources, similar to what we do for sha1dc? Or perhaps it's
> not worth it at all...

I doubt it's worth it. It's a big library with tons of algorithms, most of which we won't need. And the implementation has lots of asm and platform-specific knobs. I wouldn't want to try extracting any of that from their autoconf file, nor putting (more) autoconf inside our repository.

For sha1dc, I think including a vendored copy was important for us making it the default, and we wanted to do that for the security implications. A 12% speedup is OK to leave on the table for the default build, and people can easily link against the system libnettle if they care enough. And other linkable implementations are in the same boat; openssl is even faster than libnettle on my machine.

-Peff