Martin Albrecht wrote:
The only place I know it's used is to serve up secure notebooks, but I
bet its used elsewhere too. I see another option
IF that is all, then that hardly seems a major loss of functionality. I bet
most people don't use the secure notebooks anyway. I can see they have
advantages though, especially for commercial users. I admit, that is
something I would like myself, but I personally would just install
OpenSSL.
I do use the encrypted notebook and I would consider it a *major*
functionality loss if the option to encrypt my calculations which I send over
then net could not be encrypted anymore in a convenient manner. We should be
pushing to make the notebook more secure instead of giving up on security
completely. Of course, talk on my end is cheap and I haven't done anything
recently to make the notebook more secure.
Cheers,
Martin
I do agree the secure notebooks is useful. As someone who does contract work,
the ability to share data with a customer via a secure mechanism would be
important.
I suspect it would be possible to tunnel the traffic over SSH though, so having
security, even whilst the browser is using http, not https. You would know more
about that than me. But that adds considerably to the complexity for the end user.
But there does seem to be an issue with the license. In any case, if someone
installed OpenSSL, the security would be there - which is what I'd personally
just do.
But I can see no justification for letting someone try to build Sage, for it to
fail a couple of hours later, in a way we could have predicted in less than a
minute.
I think the 'prerequ' configure script should check for OpenSSL and exit if it
is not present, since we can be 100% sure Sage will not build without it.
Exactly what error message is produced would need to be discussed. But it's
crazy for 'prereq' to not check for it. Just as it would be crazy to not check
for perl, when we know it is needed.
I've recently updated 'prereq' to try to ensure that people are made aware of
build issues before they start.
* gcc too old.
* perl too old.
* gcc/g++/gfortran not all the same version
* not a mix of GNU and non-GNU compilers
etc etc.
To me, checking for OpenSSL support should be added to that list, since it is a
requirement to build Sage.
Dave
--
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
