On Thu, 2019-11-07 at 14:08 +0000, Richard Purdie wrote: > On Thu, 2019-11-07 at 14:01 +0000, André Draszik wrote: > > On Thu, 2019-11-07 at 13:26 +0100, Alexander Kanavin wrote: > > > I would rather keep the option to disable openssl, but simply > > > switch it on by default > > > > Why complicate things, what's the use-case? If libevent_openssl.so is > > not > > used by anything, that library will not be pulled in, as it is a > > separate package now. > > Build time dependencies and hence build speed? > > It sounds trivial but all these inter-dependencies do mount up so if we > don't need it, keeping things minimal has advantages. > > If there is a security issue in openssl, its one more thing that would > have to be regenerated if a CVE fix were added too...
What about helping make network connections more secure by enabling ssl by default? Is yocto really advocating the use of unencrypted connections? If build time is the argument, why is stack protection enabled by default in the compiler? Why do other packages have OpenSSL support enabled by default? I could go on, but I don't care enough, v2 sent :-) Cheers, Andre' -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
