On Tuesday 24 February 2009, Conrad Meyer wrote: > On Tuesday 24 February 2009 10:33:13 am Gaurav Tungatkar wrote: > > ... > > The code uses the openssl SHA1 implementation and requires openssl libs to > > be installed. > > ... > > This raises a red flag to me. I think I remember hearing OpenSSL's license is > incompatible with the GPL; am I mistaken?
Hi Conrad, Good catch. The question is laid out pretty well here: http://www.gnome.org/~markmc/openssl-and-the-gpl.html Well, if I have to add an OpenSSL exception to the license, I can, and userspace will be ok, but that probably won't fly for kernel (Tux3 kernel code can have an OpenSSL exception but that does not cover all the rest of kernel). Well, OpenSSL is probably not the only available implementation of SHA1. I don't think we need to panic about this, just keep using OpenSSL for now and do something about it when a) it becomes the biggest remaining issue and b) we want to push dedup to mainline kernel. There is plenty of time to work out a sensible solution. Anyway, there is nothing magic about SHA1. We certainly do not require cryptographic security for a dedup hash. Maybe we should look for a more efficient hash than SHA1. Regards, Daniel _______________________________________________ Tux3 mailing list Tux3@tux3.org http://mailman.tux3.org/cgi-bin/mailman/listinfo/tux3
