Just wanted to tell that I am quite happy not to have boringSSL in
Debian - main. I think it is depeerable there apart from the security
risk of adopting the SSL package from a company which was largely funded
by intelligence services and the Pentagon. I would rather like to see
OpenBSD`s libressl as an option for Debian. I believe the OpenBSD
programmers have done a pretty good job at it!
Elmar
Am 2016-05-13 um 08:44 schrieb Moritz Mühlenhoff:
殷啟聰 <seamli...@gmail.com> schrieb:
Dear Debian Security Team,
Our contact address is t...@security.debian.org, not debian-security...
The "android-tools" packaging team
<https://qa.debian.org/developer.php?login=android-tools-devel%40lists.alioth.debian.org>
are introducing BoringSSL, a fork of OpenSSL by Google. The latest
Android OS and its SDK no longer use OpenSSL and they use some APIs
only provided by BoringSSL, hence we are bringing BoringSSL to Debian.
You can see the ITP at <https://bugs.debian.org/823933>.
No, that's not acceptable. You can try to provide that additional APIs
on top of OpenSSL, but we're not going to support an entire OpenSSL
fork just for Google's NIH syndrome.
Cheers,
Moritz