On Thu, 9 Nov 2023 at 22:54, Benjamin Barenblat <bba...@debian.org> wrote: > > Dear Debian folks, > > coreutils can link against OpenSSL, yielding a substantial speed boost > in sha256sum etc. For many years, this was inadvisable due to license > conflicts. However, as of bookworm, coreutils requires GPL-3+ and > OpenSSL is Apache-2.0, so I believe all license compatibility questions > have been resolved. > > What would you think about having coreutils Depend on libssl3? This > would make the libssl3 package essential, which is potentially > undesirable, but it also has the potential for serious user time savings > (on recent Intel CPUs, OpenSSL’s SHA-256 is over five times faster than > coreutils’ internal implementation).
This sounds great. systemd also uses OpenSSL for various things, so libssl3 is pretty much a given on any bootable installation anyway already. > Alternatively, what would you think about making sha256sum etc. > divertible and providing implementations both with and without the > OpenSSL dependency? Please, no, no more diversion/alternatives/shenanigans, it's just huge and convoluted complications for no real gain.