On Thu, 2019-11-07 at 15:41 +0000, André Draszik wrote: > On Thu, 2019-11-07 at 14:08 +0000, Richard Purdie wrote: > > On Thu, 2019-11-07 at 14:01 +0000, André Draszik wrote: > > > On Thu, 2019-11-07 at 13:26 +0100, Alexander Kanavin wrote: > > > > I would rather keep the option to disable openssl, but simply > > > > switch it on by default > > > > > > Why complicate things, what's the use-case? If > > > libevent_openssl.so is > > > not > > > used by anything, that library will not be pulled in, as it is a > > > separate package now. > > > > Build time dependencies and hence build speed? > > > > It sounds trivial but all these inter-dependencies do mount up so > > if we > > don't need it, keeping things minimal has advantages. > > > > If there is a security issue in openssl, its one more thing that > > would > > have to be regenerated if a CVE fix were added too... > > What about helping make network connections more secure by enabling > ssl by default? Is yocto really advocating the use of unencrypted > connections?
No. Information like that about impact would help sway this discussion and should probably be in the commit message. Its a question of why as well as what and how. > If build time is the argument, why is stack protection enabled by > default in the compiler? > Why do other packages have OpenSSL support enabled by default? > > I could go on, but I don't care enough, v2 sent :-) It is important, I suspect the commit message needs more info to help ensure we make informed decisions... Cheers, Richard -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
