On 10/08/2011 23:56, Gonéri Le Bouder wrote:
2011/6/28 Gonéri Le Bouder<[email protected]>:
2011/6/28 Guillaume Rousse<[email protected]>
Le 28/06/2011 11:57, Gonéri Le Bouder a écrit :
2011/6/28 Guillaume Rousse<[email protected]
This means we need to rebuilt the perl tree on the =~ 60 arch we already
have.
This will be long, say 1 year. That's the reason why I prefer a soft
transition.
The attached patch restore Net::SSL. The big difference is IO::Socket::SSL check
hostname directly within OpenSSL whereas Net::SSL don't. We have to do this
ourself which is error-prone.
This patch brings backs a lots of code (and the manual parsing or URL is
particulary ugly) for a technically inferior solution to a very specific
optional feature (certificate validation is optional). I'm not convinced
either than installing Crypt-SSLeay is easier than installing Net-SSLeay
for the final user. And I'm suspecting potential additional support
difficulties when investigating problems, when asking clueless user
which alternative they are using exactly.
As far as I understand it, the only interest of this alternative is an
easier transition for self-contained binaries distributions. Which is
not sufficient enough for me to balance code impact here.
An interesting point with this patch is OpenSSL stuff are loaded only
when needed. This
is more than 10MB memory saved here on my system.
Delaying loading of SSL stuff until an SSL connection is really needed
may save memory, indeed, but that's a different issue.
Guillaume, If you have no objection, I will apply it and then backport
it in 2.1.x branch.
I do object it for 2.2.x branch, whereas I have less objections for the
2.1.x branch. However, as build environments will need to be updated
anyway for 2.2.x, that's just delaying the problem.
--
BOFH excuse #150:
Arcserve crashed the server again.
_______________________________________________
Fusioninventory-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-devel
