On 24/08/2019 21:40, Gert Doering wrote:
> Hi,
> On Sat, Aug 24, 2019 at 06:04:21PM +0200, Arne Schwabe wrote:
>> I want to give you an honest opinion of mine to merging WolfSSL in
>> OpenVPN. Please note, that this is my personal opinion and not to be
>> confused to be an official OpenVPN community project or OpenVPN Inc
>> position.
> Arne summarized things quite well.  New and large additions need to
> balance "what *our* users want/need", "what the core team finds 
> interesting enough to spend time on" and "how expensive in terms of 
> maintainer lifetime will it be to maintain that stuff".
> Since we're currently short on contributors that can review crypto
> related code changes, and we do not have anyone in the team today
> that can review WolfSSL interface code at all, this isn't likely 
> going to happen in the near future.

I have to say both Arne and Gert do have some really valid points.

But there is a lot to learn from Fox-IT's involvement.  We *are* open to new
contributors, who can be resources on various segments of OpenVPN.  And we
have few resources who really understand the depths of cryptology; we lean a
lot on Steffan and Arne currently.  But the initial PolarSSL support got
acceptance because they more or less promised to help OpenVPN in the future on
the crypto side.

What I'm saying, if you in WolfSSL are willing to help out, be available and
help out responding to crypto related questions and patches on this -devel
mailing list, be present in the community IRC channels, etc ... this would
make it far easier to accept another crypto backend.  And this is basically
what Fox-IT has done via Steffan (and earlier Adrian).

This is also how we got IPv6 support in OpenVPN too; Gert had patches several
years ago he maintained, he grew trust and with that he got more challenges
and is now a co-maintainer of the OpenVPN community project.  Lev got involved
as well in a similar way, with features F-Secure Freedome needed at that time.
And you can find that a lot of the active people here get their changes
included, because they're active on a regular basis.

It doesn't mean they need to be active every day, but that they keep in touch
at least every now and then on mailing lists or IRC and join the hackathons
from time to time.

So getting trust that you're going to be available also after WolfSSL
support is added is kind of the key point; to help maintain both the
WolfSSL implementation but also helping out on a regular basis, especially on
the crypto side.

kind regards,

David Sommerseth
OpenVPN Inc

