Control: severity -1 important Control: retitle -1 Make it clear that wolfssl is only for packages that cannot use openssl
On Tue, 17 Jan 2023 04:19:46 -0500 gs-bugs.debian....@gluelogic.com wrote:
Can this be closed? Are there any action items remaining for this bug?
After some more messages with Moritz, wolfssl can be kept in bookworm under some conditions. It must only be used in packages that cannot use openssl so that people can harden their openssl setup and most packages are affected. wolfssl's debian/README.Debian file should prominently state something like the following: "wolfSSL is solely provided as an alternative to OpenSSL for packages whose licenses are incompatible with Apache-2.0." Please make sure to edit that file before bookworm is released. Maybe the package description should contain this as well.
