On Sunday 23 July 2006 23:21, Jeremy Nelson wrote: > In the past, we have had discussions about whether EPIC should have > any mandatory dependancies. Most recently, we agreed that EPIC > could (or should) have a mandatory dependancy on ncurses. This has > not yet come to pass, but I know I have permission to do so should > the time be ripe. > > EPIC has long had an optional dependancy on openssl, since the > EPIC4-SSL project was merged in 4.5 years ago. Very recently EPIC5 > has sprouted support for openssl's evp api to do strong crypto.. > > Now the question comes to whether we should adopt openssl's BIO > api. This could not be done in a way that is "optional". It would > require that openssl be a mandatory dependancy of epic5. > > The pros are, the openssl BIO api is transparant and allows for a > lot of new things that I can't do now, with and without encryption. > This would reduce special cases and testing time, and increases > functionality. > > The cons are, openssl is a pig, not everybody has it installed, I > don't know whether it's legal to use it everywhere in the world, > and the general sentiment that epic should never have a mandatory > dependancy. > > What do you all think? > _______________________________________________ > List mailing list > List@epicsol.org > http://epicsol.org/mailman/listinfo/list
The main issue I see with requiring OpenSSL is versioning issues. If you do something that needs version X of OpenSSL and a user has version Y that can be an issue. OpenSSL is built in to many systems and can be quite a pain in the ass to upgrade. -- Thanks, Josh Paetzel _______________________________________________ List mailing list List@epicsol.org http://epicsol.org/mailman/listinfo/list