On 30 May 2013 14:08, "Dennis van Dok" <denni...@nikhef.nl> wrote:
>
> On 30-05-13 13:16, Bastien ROUCARIES wrote:
>
> > Using only one lib for crypto (libnss) will allow to use only one
> > trust certificate format
>
> 'Allow only one' doesn't immediately strike me as beneficial, but I see
> what you mean. The discussion is similar to others (such as about which
> init system to support) where the question is 'why do we have X
> implementations of Y?' where X > 1.
>
> There are pros and cons to such a bold plan as you propose. I can think
> of a few, and I'm sure others can think of many more. But more
> importantly, it takes effort to work out the plan, inventory the pros
> and cons, calculate the required effort and herd it along. Most work on
> Debian is on a voluntary basis, the available effort depends on what
> people will want to invest (even just to read this e-mail!). I'm not
> volunteering.
>
> But to seed the discussion (maybe):
>
> Pros: having only one crypto system will simplify the handling of
> certificates.

Simplify security audit and get FIPS certification
Avoid license issue with openssl and GPL
Avoid problem with gnutls and suid

>
> Cons:
>
> - not all crypto libraries are equivalent; choosing one will exclude
> some functionality provided by others

See compat layer

> - we somehow have to deal with legacy systems that can't convert
> - adoption of new software that uses something else is harder
>
> Cheers,
>
> Dennis van Dok
> --
> D.H. van Dok :: Software Engineer :: www.nikhef.nl/grid ::
> Phone +31 20 592 22 28 :: http://www.nikhef.nl/~dennisvd/