On Tue, Feb 1, 2011 at 3:08 AM, Juan Lang <[email protected]> wrote:
> Hi Ken, thanks for the reply.
>
> > As Henri said, it's that it's a set of external dependencies (not just
> > one; GnuTLS has its own dependencies) and that they are security-related.
> > To the greatest extent practical, security-related libraries should come
> > from one's distro or OS vendor.
>
> Sure, I can buy that. I'll note that OpenSSL is also available for
> the Mac, and already loaded by wininet and winhttp. It could be
> appropriate to move from GnuTLS to OpenSSL for schannel, so we'd only
> have a single implementation for both Linux and Mac in schannel.
>

OpenSSL seems like a bad idea. It has poor binary compatibility and problematic FIPS 140 certification, and Fedora is dropping it in favour of NSS:

http://fedoraproject.org/wiki/FedoraCryptoConsolidation
http://fedoraproject.org/wiki/CryptoConsolidationEval

OpenSSL isn't part of the LSB (while NSS is), so if we ever want to make a Wine LSB package, it might be a good idea to get OpenSSL out of Wine entirely.

See also the August 2008 wine-devel thread about this:
http://www.winehq.org/pipermail/wine-devel/2008-August/068575.html

Damjan Jovanovic
