On 26/03/14 09:16, Olaf Westrik wrote: > On 2014-03-25 23:22, Lonnie Abelbeck wrote: >> >> On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote: >>> >>> Do you want openSSL instead of Nettle? If so, why? >>> >>> Cheers, >>> >>> Simon. >> >> I would prefer OpenSSL support. >> >> As a developer for a cross-compiled x86 open source project (AstLinux) >> building and maintaining additional libraries (particularly crypto) is >> not ideal when so many packages already require OpenSSL. >> >> We also try to keep the "bloat" out as much as possible, our >> compressed images are around 40 MB in size. >> >> Your excellent dnsmasq is one of our core packages, it would be our >> preference if it also supported the time tested OpenSSL shared libraries. >> >> Obviously using Nettle is not a deal breaker, but I think OpenSSL vs. >> Nettle is a good discussion to have. > > > I happen to be in a similar position as Lonnie. > Since we use packages that use OpenSSL (Apache, OpenVPN, wget, Perl > SSLeay), we already ship the openssl libraries and not nettle. > > Surely the addition of nettle, statically linked if need be, is not > something that will double the size of our image. I am more concerned > with the addition of yet another software package that needs to be > monitored. > > > If the license issue can be solved, would it be an option to use either > nettle or openssl depending on something like make -DUSE_NETTLE or make > -DUSE_OPENSSL? >
It's something I'd consider for a future release, but 2.69 needs to Out There soon, and that will certainly be Nettle only. As far as I'm concerned that's good, since if people want DNSSEC, they'll have to provide Nettle (statically linked, if preferred). We can take some time to see if openSSL can be made an alternative, but the nettle will have to be grasped fro 2.69. (Bad pun, sorry!) The licensing problem is real. I'm not the only copyright holder in dnsmasq, so even if I'm convinced, I'd need to try and identify and contact the other interested parties to modify the license. Cheers, Simon. _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss