Dear Debian folks, coreutils can link against OpenSSL, yielding a substantial speed boost in sha256sum etc. For many years, this was inadvisable due to license conflicts. However, as of bookworm, coreutils requires GPL-3+ and OpenSSL is Apache-2.0, so I believe all license compatibility questions have been resolved.
What would you think about having coreutils Depend on libssl3? This would make the libssl3 package essential, which is potentially undesirable, but it also has the potential for serious user time savings (on recent Intel CPUs, OpenSSL’s SHA-256 is over five times faster than coreutils’ internal implementation). Alternatively, what would you think about making sha256sum etc. divertible and providing implementations both with and without the OpenSSL dependency? Best, Benjamin
