Re: Crypto consolidation in debian ?
On Tue, Apr 26, 2011 at 7:20 PM, Marco d'Itri <email@example.com> wrote:
> On Apr 26, Bastien ROUCARIES <firstname.lastname@example.org> wrote:
>> I have seen that fedora is trying to consolidate the number of crypto
>> package shipped . What do you think about this goal ?
> While I believe it to be a worthwhile goal, I have serious doubts that
> we should actively switch packages to NSS when this causes regressions.
Yes main drawback is lack of compression support (see ) but it
could be improved
> The reason is that the kind of entities which require FIPS 140 probably
> also tend to require corporate vendor support, which we do not provide.
Even if we do not support corporate, being FIPS 140 is worthwhile from
a security point of view: vendors what care about will provide quick
Moreover from a marketing point of view it will be also nice.
> If building a package with NSS instead of other libraries does not
> causes relevant negative side effects then I think we should do it to
> benefit from the improvements which NSS is receiving and to help the
It will moreover reduce the license mess of openssl... And it is by
itself a worthwhile goal.