Paul Barker <p...@paulbarker.me.uk> writes: > On Tue, Feb 10, 2015 at 06:43:34PM -0600, Richard Tollerton wrote: >> Paul Barker <p...@paulbarker.me.uk> writes: >> >> > This recipe wraps package and package feed verification keys into a >> > package, >> > making the management and deployment of verification keys much easier. >> > Comments >> > on how to select keys for inclusion in this package are provided in the >> > recipe >> > file. >> >> Would you be receptive to this package being extended to support OpenSSL >> keys? > > I wouldn't advise it. > > There is no 'OpenSSL exception' in the opkg license and so a few people have > been worried that shipping binaries of opkg linked against OpenSSL is a breach > of the respective licenses. IANAL, but people have been concerned.
Do you recall if this is specifically because OpenSSL is statically linked into libopkg? (Why is that done, anyway?) > OpenSSL support is probably less tested than gpg support as well. > > However, if it's something you're already using, have tested and are > comfortable > with the licensing implications then go for it. Meh. We've got some existing OpenSSL infrastructure for other operating systems, so we were kinda sliding into an OpenSSL-based opkg setup by sheer inertia. But if gnupg is going to align better with everybody else long term, it's not too late to change directions. -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
