On 06/07/2006 10:53 PM, William A. Rowe, Jr. wrote:
> > There's another gray point, without OpenSSL, mod_ssl is a noop, that is, > it does no crypto. There is more crypto in mod_auth_digest, util_md5 or > in apr-util than there is in mod_ssl. I think this is an excellent point regarding the source. Without an SSL toolkit like openssl mod_ssl does nothing. It is no crypto software. Otherwise you could argue that httpd without mod_ssl is also crypto software, because you can use mod_ssl with httpd. So separating it into a subproject would not help either. So provided mod_auth_digest, util_md5 or apr-util do not impose further problems, we would only have problems of offering binary packages (which I understand we want to offer). Apart from any inconvience for the user, but only from the legal point of view: Is a binary httpd with mod_ssl compiled in crypto software if it is delivered without openssl? A complete different question: Does anybody know how mozilla.org handles these kind of problems with firefox? Regards RĂ¼diger
