On 2017-12-12 01:12, Moritz Warning wrote: > On 12/11/2017 07:10 PM, Matthias-Christian Ott wrote: > [..] >> Do you think it would be worth the effort to unify the cryptography >> libraries in LEDE? > > This sounds like a huge task.
It is and needs a conscious commitment and decision of the project. So I thought it is best to discuss it on the mailing list. > Maybe you can extend a program so it supports a different crypto library that > is also used in the LEDE/OpenWRT ecosystem. That is the idea. LEDE would have a policy like, “If it is not impossible, packages need to use TLS library A and cryptography library B.” Package maintainers would adapt the package to these libraries. Then they would try to contribute the modifications to the upstream maintainer in hope that upstream maintainer would take over the maintenance of the modifications; otherwise, the package maintainer would have to maintain the modifications for LEDE. > That would sound like a good start to reduce library baggage. It certainly would be. The question is whether it is worth the effort. We would gain some additional security and reduce the image size and main memory requirements. Both memory sizes are increasing and so perhaps it won't be a problem anymore before we finished the effort. I think we also have some other areas where we could improve security more effectively. So I'm not sure whether it is worth the effort and therefore put the idea up for discussion. I do like the idea though that a distribution is a larger integration effort than just compiling some software and instead has a more ambitious conception of the overall system. Matthias-Christian _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
