On Sat, 2008-02-16 at 14:44 -0800, Russ Allbery wrote:
Howard Chu hyc@symas.com writes:
Since they're committed to using GnuTLS, yes. Unfortunately for the Debian community, just because software is released under the GPL doesn't say anything about its quality.
There are enough other reasons to use already-packaged software and enough reasons to use Debian in preference to other distributions (for what we're doing at Stanford; I'm not interested in discussing that position with anyone on this list) that it was worth helping fund the development of the GnuTLS support. That support basically works, recommended or not, which is a better place than we were in before. I can only hope that it will get better in the future, or that some miracle will happen with either OpenSSL licensing or Debian's legal interpretation of copyright, none of which I have any real control over.
What would it take to create a third way here with Mozilla's NSS?
For my sanity in Samba4, I keep bugging those involved with NSS and nss_compat_ossl to create a gnutls-like API to NSS. Some aspects of the API I like, while other aspects of the GnuTLS implementation drive me nuts - such as draining and blocking on /dev/random...
Andrew Bartlett