Re: [ANNOUNCE] OpenSSL 0.9.6g released

Sun, 11 Aug 2002 03:35:24 -0700 

In message <[EMAIL PROTECTED]> on Sat, 10 Aug 
2002 22:05:18 -0400, "Thomas J. Hruska" <[EMAIL PROTECTED]> said:

For everyone concerned: I will comment on the binary builder proposals
when I have more time than I have right now.

The following need immediate commenting:

shinelight> >One thing that makes distribution of binaries world-wide tricky is
shinelight> >patents on some algorithms in some countries...  That is, like it or
shinelight> >not, something one has to look into and deal with.
shinelight> 
shinelight> InnoSetup has the ability to create customized installations.  I'd
shinelight> recommend changing OpenSSL to accept a configuration (INI) file for
shinelight> algorithm selection.  That way multiple binaries won't have to be built and
shinelight> all countries can be supported (multiple configs will have to be created,
shinelight> but that shouldn't be too difficult and won't occupy much space).

The trouble with such a scheme would be that the algorithm itself
would still exist in the library, and can then potentially be used,
just by a change in the INI file.  Under those conditions, the
algorithm is still there, even if not currently used (it's still
usable, basically).  There are fears that is enough to put you in
trouble.  Therefore, there are people who want to be able to
physically remove the troublesome algorithms from the source, and
build the library with the rest of it.  No run-time INI file will
help there...  If it was that simple, we would already have done it a
long time ago (that's my guess at least...).

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to