From: "Justin Erenkrantz" <[EMAIL PROTECTED]>
Sent: Monday, September 03, 2001 12:57 PM
> I also think that we do not need to redistribute zlib in our source
> tree. I think it is common enough now that most OSes come with it.
> (I look at how we handle the OpenSSL library and think zlib falls
> in the same category.)
We don't distribute OpenSSL because it's a huge chunk of code!!!
We certainly can't rely on folks having 0.9.6b installed (or even 0.9.6a, the
absolute minimum to avoid some pretty significant holes, leaving a problem
or to remaining.) But we aren't about to distribute that much code, we have
a relationship with the maintainers (one sits on the ASF board), and _new_
crypto development still has hardships within the US. There is nothing new or
novel about mod_ssl, which is why we have no problem falling under the crypt
export relaxation for 'publicly available open sources'.
I have no issue with dropping the current (and httpd-maintained) zlib, returning
all patches to the authors. If there are problems with threading support + leaks,
we will need to fix them if we will call this 'supported'. Same as we do for
pcre and expat, which aren't as firmly established as the ASF or even the OpenSSL
organization. It adds some 160kb to the tarball, as distributed at zlib.org.
Bill
