On Sun, Dec 22, 2013 at 9:59 PM, Ben Hutchings <b...@decadent.org.uk> wrote: > On Sun, 2013-12-22 at 19:52 +0000, brian m. carlson wrote: >> On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote: >> > How to continue from here/solve this: >> > --------- >> > #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian. >> >> This seems like the best idea, as it lets us use newer versions of >> GnuTLS that support elliptic curves with the minimum amount of pain. > > I think this would be a good idea if GnuTLS doesn't depend on too many > features of newer GMP. > > [...] >> > #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3 >> > for license reasons will need to drop TLS support or be relicensed or >> > be ported to a different TLS library. >> >> I don't think this option is a good idea. It will leave git without >> HTTPS support, since libcurl3-nss doesn't actually work for HTTPS. >> libcurl3-nss requires an additional library not in Debian for the crypto >> support to work at all, and despite me filing bugs, neither the NSS nor >> the curl maintainers have stepped up to fix this. >> >> This also doesn't consider the fact that NSS provides poorer crypto >> support than either OpenSSL or GnuTLS, although it's getting better. > > The free software world desparately needs a permissively licenced TLS > library with sane default behaviour. OpenSSL or GnuTLS seem to have > failed us on both grounds, and I hope interested developers will > cooperate with the Fedora developers in making NSS usable by more > applications.
I plan to package http://rcritten.fedorapeople.org/nss_compat_ossl.html Note that the certificate problem have been solved by recent p11-kit package And if we solve https://bugzilla.mozilla.org/show_bug.cgi?id=402712 we have something sane I think Bastien > > Ben. > > -- > Ben Hutchings > If at first you don't succeed, you're doing about average. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAE2SPAYk9sAn=a23jpnrd_vqb_mnmhpn3f+a-t4pwmuve4z...@mail.gmail.com
