On Mon, Jun 16, 2014 at 10:31 AM, Steven Barth <cy...@openwrt.org> wrote: > Hi Nikos, > Is there a reason for not having dnssec by default? If there is a way > to disable it, I believe it will only be beneficial to have it in. > The main problem here is that this increase the default image size > significantly plus we can't even reuse all the added crypto code because > none of the core or important services use nettle. It would be nice to see > dnsmasq interacting with a more mainstream embedded crypto library like > polarssl or so.
On the contrary I'd prefer if it doesn't. Nettle is an open project under LGPL that anyone can contribute and can be reused by a variety of software; polarssl is closed commercial project under a commercial license with a GPLv2 exception. > Also I would probably let all the DNSSEC deployment and the dnsmasq > implementation mature a bit more before considering to enable it by default > for everyone. But thats just my personal opinion. Well, it will never mature if it is not distributed :) regards, Nikos _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
