Greetings,

* Daniel Gustafsson (dan...@yesql.se) wrote:
> > On 28 Jan 2022, at 15:30, Robert Haas <robertmh...@gmail.com> wrote:
> > On Fri, Jan 28, 2022 at 9:08 AM Daniel Gustafsson <dan...@yesql.se> wrote:
> >>> Kinda makes me question the wisdom of starting to depend on NSS. When openssl
> >>> docs are vastly outshining a library's, that library really should start to
> >>> ask itself some hard questions.
> >
> > Yeah, OpenSSL is very poor, so being worse is not good.
> >
> >> Sadly, there is that. While this is not a new problem, Mozilla has been making
> >> some very weird decisions around NSS governance as of late. Another data point
> >> is the below thread from libcurl:
> >>
> >> https://curl.se/mail/lib-2022-01/0120.html
> >
> > I would really, really like to have an alternative to OpenSSL for PG.
> > I don't know if this is the right thing, though. If other people are
> > dropping support for it, that's a pretty bad sign IMHO. Later in the
> > thread it says OpenLDAP have dropped support for it already as well.
>
> I'm counting this and Andres' comment as a -1 on the patchset, and given where
> we are in the cycle I'll mark it rejected in the CF app shortly unless anyone
> objects.

I agree that it's concerning to hear that OpenLDAP dropped support for NSS... though I don't seem to be able to find any information as to why they decided to do so. NSS is clearly still supported and maintained and they do seem to understand that they need to work on the documentation situation and to get that fixed (the current issue seems to be around NSS vs. NSPR and the migration off of MDN to the in-tree documentation as Daniel mentioned, if I followed the discussion correctly in the bug that was filed by the curl folks and was then actively responded to by the NSS/NSPR folks), which seems to be the main issue that's being raised about it by the curl folks and here.

I'm also very much a fan of having an alternative to OpenSSL and the NSS/NSPR license fits well for us, unlike the alternatives to OpenSSL used by other projects, such as GnuTLS (which is the alternative to OpenSSL that OpenLDAP now has) or other libraries like wolfSSL.

Beyond the documentation issue, which I agree is a concern but also seems to be actively realized as an issue by the NSS/NSPR folks, is there some other reason that the curl folks are thinking of dropping support for it? Or does anyone have insight into why OpenLDAP decided to remove support?

Thanks,

Stephen