> On Thu, Jun 21, 2001 at 01:15:12PM -0700, some SMTP stream spewed forth:
> > On Tue, Jun 19, 2001 at 12:44:40PM -0700, Terry Lambert wrote:
> > > Giorgos Keramidas wrote:
> > > >
> > > > On Sun, Jun 17, 2001 at 01:51:56PM -0700, Kris Kennaway wrote:
> > > >
> > > > > libbn is already part of OpenSSH; it's a trivial matter to make it
> > ^^^^^^^
> > I meant to say OpenSSL here, of course.
> > > > > into a standalone library. In other words, we already include two
> > > > > functionally equivalent bignum libraries in FreeBSD, so one of them
> > > > > should go.
> > > >
> > > > I couldn't agree more :)
> > >
> > > I'm going to word this strongly, mostly because I feel
> > > strongly about the underlying issues.
> > >
> > > The SSL one is known to be very slow, and was written
> > > as a proof of concept by the author. Please read the
> > > release notes; it is seriously slow. Replacing it will
> > > increase your SSL performance significantly.
> > I know of no-one who has developed patches to make OpenSSL work with
> > an external math library (e.g. libgmp). The OpenSSL guys are very
> > interested in cleaning up their legacy code; you should work with them
> > if you are interested.
> > In FreeBSD, the only use of the libgmp code is for non-speed-critical
> > applications, so replacing it with a less efficient library doesn't
> > cost anything. libgmp will still exist in ports for applications
> > which want to make use of a more efficient library.
> Am I understanding this correctly?
> We currently have implemented a more efficient library than one you
> propose expending effort to plug in?
> You propose that people remove the currently implemented and more
> efficient library and replace it with a less-efficient library of
> non-native BSD origin?
No. We are talking about removing a GPL infected library from the base
tree that is used by a couple of utterly performance irrelevant utilities
and making these couple of utilities (secure-rpc key generation tools)
use the OpenSSL bignum API - where OpenSSL has a BSD-style license.
This has absolutely no effect on openssl at all.
> Really? This hardly seems like a good idea.
No. We can't plug libgmp into openssl anyway due to GPL infection and the
resulting license conflicts. openssl *explicitly* may not be distributed
under GPL. And building libgmp into openssl would require exactly that.
If you want to add hooks for plugging in another bignum library into
openssl, go for your life. But if that adds GPL exposure, then we're not
interested because we cannot distribute it.
Peter Wemm - [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
"All of this is for nothing if we don't go to the stars" - JMS/B5
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message