Sylvain Beucler wrote: > One thing you didn't mention is using GnuTLS. Deliberately -- it's well known, and hated among major developers (why?) [1]. Migration to GnuTLS is not always trivial, and the openssl compatibility layer (in gnutls-extra, I think) does not work in all cases and is under GPL (IIRC).
> That's what we recommend Migration of an existing package to a new API? I'm a big fan of GnuTLS, but imposing a specific library as a precondition for project approval (even as a recommendation) sounds a bit harsh to me, especially given the fact that several GNU packages have not migrated for years. It is simply hypocritcial to declare it as some kind of a policy. [1] OpenLDAP, Mutt, Exim, etc. do not even accept bug reports if the package was built against gnutls. That's considered by them as "untested, immature implementation" and "unreliable library" that is not supported or guaranteed to work. Some other projects (f.i. Pidgin) even migrated from GnuTLS to NSS (!) and have a firm anti-gnutls policy [sic].