[Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

Weedy weedy2887 at gmail.com
Wed Mar 26 09:58:39 UTC 2014


On 26 Mar 2014 05:53, "Albert ARIBAUD" <albert.aribaud at free.fr> wrote:
>
> Le 26/03/2014 10:16, Olaf Westrik a écrit :
>
>> On 2014-03-25 23:22, Lonnie Abelbeck wrote:
>>>
>>>
>>> On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote:
>>>>
>>>>
>>>> Do you want openSSL instead of Nettle? If so, why?
>>>>
>>>> Cheers,
>>>>
>>>> Simon.
>>>
>>>
>>> I would prefer OpenSSL support.
>>>
>>> As a developer for a cross-compiled x86 open source project (AstLinux)
>>> building and maintaining additional libraries (particularly crypto) is
>>> not ideal when so many packages already require OpenSSL.
>>>
>>> We also try to keep the "bloat" out as much as possible, our
>>> compressed images are around 40 MB in size.
>>>
>>> Your excellent dnsmasq is one of our core packages, it would be our
>>> preference if it also supported the time tested OpenSSL shared
libraries.
>>>
>>> Obviously using Nettle is not a deal breaker, but I think OpenSSL vs.
>>> Nettle is a good discussion to have.
>>
>>
>>
>> I happen to be in a similar position as Lonnie.
>> Since we use packages that use OpenSSL (Apache, OpenVPN, wget, Perl
>> SSLeay), we already ship the openssl libraries and not nettle.
>>
>> Surely the addition of nettle, statically linked if need be, is not
>> something that will double the size of our image. I am more concerned
>> with the addition of yet another software package that needs to be
>> monitored.
>>
>>
>> If the license issue can be solved, would it be an option to use either
>> nettle or openssl depending on something like make -DUSE_NETTLE or make
>> -DUSE_OPENSSL?
>
>
> Seconded (albeit not as a packager, but as an end user occasionally
building dnsmasq), except I would prefer something along the lines of
-DCRYPTOLIB=OPENSSL / -DCRYPTOLIB=NETTLE.
>
>> Olaf
>
>
> Amicalement,
> --
> Albert.

Devs don't use openssl because they want to, they use it because they have
too. The library is an absolute clusterfuck.

I'm fine with not working on openssl support. We need to as a community
move away from openssl when ever possible.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20140326/a9bf26cf/attachment.html>


More information about the Dnsmasq-discuss mailing list