Le 22 déc. 2013 22:00, "Ben Hutchings" <ben@decadent.org.uk> a écrit :
>
> On Sun, 2013-12-22 at 19:52 +0000, brian m. carlson wrote:
> > On Sun, Dec 22, 2013 at 08:12:40PM +0100, Andreas Metzler wrote:
> > > How to continue from here/solve this:
> > > ---------
> > > #1 Fork LGPLv2.1+ GMP (version 4.2.1) for Debian.
> >
> > This seems like the best idea, as it lets us use newer versions of
> > GnuTLS that support elliptic curves with the minimum amount of pain.
>
> I think this would be a good idea if GnuTLS doesn't depend on too many
> features of newer GMP.
>
> [...]
> > > #6 Move to GnuTLS3, drop GnuTLS2. Packages which cannot use GnuTLS3
> > > for license reasons will need to drop TLS support or be relicensed or
> > > be ported to a different TLS library.
> >
> > I don't think this option is a good idea. It will leave git without
> > HTTPS support, since libcurl3-nss doesn't actually work for HTTPS.
> > libcurl3-nss requires an additional library not in Debian for the crypto
> > support to work at all, and despite me filing bugs, neither the NSS nor
> > the curl maintainers have stepped up to fix this.
> >
> > This also doesn't consider the fact that NSS provides poorer crypto
> > support than either OpenSSL or GnuTLS, although it's getting better.
>
> The free software world desparately needs a permissively licenced TLS
> library with sane default behaviour. OpenSSL or GnuTLS seem to have
> failed us on both grounds, and I hope interested developers will
> cooperate with the Fedora developers in making NSS usable by more
> applications.
Fedora created a open SSL compat library based on libnss. I can package it if i get a sponsor
> Ben.
>
> --
> Ben Hutchings
> If at first you don't succeed, you're doing about average.