Andrew Bartlett <[EMAIL PROTECTED]> writes: > On Sat, 2008-02-16 at 14:44 -0800, Russ Allbery wrote:
>> There are enough other reasons to use already-packaged software and >> enough reasons to use Debian in preference to other distributions (for >> what we're doing at Stanford; I'm not interested in discussing that >> position with anyone on this list) that it was worth helping fund the >> development of the GnuTLS support. That support basically works, >> recommended or not, which is a better place than we were in before. I >> can only hope that it will get better in the future, or that some >> miracle will happen with either OpenSSL licensing or Debian's legal >> interpretation of copyright, none of which I have any real control >> over. > What would it take to create a third way here with Mozilla's NSS? > For my sanity in Samba4, I keep bugging those involved with NSS and > nss_compat_ossl to create a gnutls-like API to NSS. Some aspects of the > API I like, while other aspects of the GnuTLS implementation drive me > nuts - such as draining and blocking on /dev/random... Development of a port to GnuTLS required changes on both sides, but wasn't particularly expensive. I expect that a port to Mozilla's NSS wouldn't be too much more difficult, although of course Howard would be the person to ask for an estimate. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
