bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] let's fix the openssl backend once and for all

From: Mike Frysinger
Subject: Re: [Bug-wget] let's fix the openssl backend once and for all
Date: Fri, 31 Oct 2014 14:42:08 -0400 
On 30 Oct 2014 19:47, Giuseppe Scrivano wrote:
> Mike Frysinger writes:
> > On 30 Oct 2014 12:18, Giuseppe Scrivano wrote:
> >> Tim Rühsen <address@hidden> writes:
> >> > as I wrote to Mike: It is the OpenSSL code within Wget. Wget compiled 
> >> > with 
> >> > GnuTLS does not show any problems.
> >> 
> >> and this remembers us that maintaining two different backends is not a
> >> good idea.  I am for just moving to GNU TLS and forget about OpenSSL.
> >> It is a bit drastic but I think it is a better move for the long term.
> >> And we get rid of the copyright exception as well...
> >
> > fwiw, in Chromium OS, we've been moving the opposite direction -- away from 
> > gnutls & nss and only to openssl.  but i guess it's not that big of a deal 
> > to 
> > also move to curl and away from wget if need be.  i think most distros tend 
> > to 
> > default to wget && openssl too (since more projects support openssl).  but 
> > having GNU projects favor their own is not surprising.
> 
> except that GnuTLS is not a GNU project anymore, so that is not the
> reason of my idea; rather the fact of having a compatible license and
> just one way of doing the same thing.  They are both used in very
> important projects, so I would say they are both very mature and
> stable.
> So, is there anything that OpenSSL is doing better than GnuTLS and that
> has any advantage for wget and its users?

i can't speak to the quality level of either, but i'm fairly certain neither is 
a smashing success.  i'm sure both have their own sets of tradeoffs, and the 
goal of the wget project probably heavily weighs into which tradeoffs matter 
more.  the Chromium security guys evaluated the three libraries from the 
perspective of what matter most to that project (with the requirement that 
there be only one library, for maintenance/security/size/overhead/etc... 
reasons), and they settled on openssl.  

if wget wanted to simplify and go with gnutls, that might make sense for the 
wget project.  distros still certainly have the option of using curl+openssl.

note: my position is not "if you don't keep openssl i'm taking my toys and 
going home!".  i'm not on the hook to keep upstream wget alive/working :). 
merely providing some context for different distros.
-mike

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]