Simon Josefsson wrote:
In the end, this is about economics and trade-offs. While the code is technically sometimes both inefficient and inelegant, there are too few people who work on it to make re-writing code a good use of our time. If GnuTLS was a larger and funded project like OpenSSL, NSS, or OpenLDAP, things may be different.
I'll note that when I embarked on performance analysis of OpenLDAP back in 2001 (http://www.openldap.org/lists/openldap-devel/200109/msg00065.html), all of my work was funded by my bank account. There was pretty much no commercial interest in OpenLDAP until several years later, long after our major performance overhauls were done. After we had consistently demonstrated that the rewritten codebase performed better than anything else out there. The Project's growth didn't really accelerate until after that groundwork was done.
If you don't build a tight foundation you can't build anything good on top. If you don't build the foundation yourself, no one will ever care to fund you to add anything else. Just my opinion of course.