May I ask why you ask these questions on the Debian security list and not on the Debian exim4 users list?
On Mon, Apr 03, 2006 at 11:34:18PM +0200, Jaroslaw Tabor wrote: > I've problems with exim4-daemon-havy and its TLS support > (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348046). > I suspect that problem is related to GnuTLS, so I want to rebuild exim4 > against OpenSSL to check if it will help. > > Can anyone tell me if there is any security risk to use openssl in > exim4 ? Yes. No. > Is there any advantage of GnuTLS over OpenSSL ? GnuTLS' License fits better in Debian's freeness concept. > I'm using OpenSSL based applications (i.e. courier-imap-ssl) for a long > time without ANY problems. What was the reason to use GnuTLS in exim ??? Linking openssl against GPLed software is not allowed without an explicit exception in the GPLed software's license since openssl's license is incompatible with the GPL. We chose GnuTLS to avoid these license issues. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
