[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crypto consolidation in debian ?

On Tue, Apr 26, 2011 at 7:20 PM, Marco d'Itri <md@linux.it> wrote:
> On Apr 26, Bastien ROUCARIES <roucaries.bastien@gmail.com> wrote:
>
>> I have seen that fedora is trying to consolidate the number of crypto
>> package shipped [1]. What do you think about this goal ?
> While I believe it to be a worthwhile goal, I have serious doubts that
> we should actively switch packages to NSS when this causes regressions.

Yes main drawback is lack of compression support (see [3]) but it
could be improved

> The reason is that the kind of entities which require FIPS 140 probably
> also tend to require corporate vendor support, which we do not provide.

Even if we do not support corporate, being FIPS 140 is worthwhile from
a security point of view: vendors what care about will provide quick
security fix.
Moreover from a marketing point of view it will be also nice.

> If building a package with NSS instead of other libraries does not
> causes relevant negative side effects then I think we should do it to
> benefit from the improvements which NSS is receiving and to help the
> process.

It will moreover reduce the license mess of openssl... And it is by
itself a worthwhile goal.

Bastien

[3] http://fedoraproject.org/wiki/Nss_compat_ossl

> --
> ciao,
> Marco
>
Reply to: