Re: openssl is now a dependency of guix: possible license conflict?
From: Leo Famulari
Subject: Re: openssl is now a dependency of guix: possible license conflict?
Date: Fri, 18 Aug 2017 14:06:25 -0400
User-agent: Mutt/1.8.3 (2017-05-23)

On Fri, Aug 18, 2017 at 10:44:04PM +0800, Alex Vong wrote:
> It seems julia has merged the mbedtls patches, so they should be working:
>
> https://github.com/JuliaLang/julia/pull/22614
>
> Should we also adopt the patches?

Personally, I think it depends on the advice of the libgit2 team. We
shouldn't add new TLS backends without being very careful that they work
properly.

I've seen many cases where TLS seemed to work but, upon examination,
turned out to not offer any security at all.

Currently, TLS in `guix pull` is the fundamental security mechanism in
Guix, so we must be very careful.