Robert Bradshaw wrote:
On Jan 31, 2010, at 2:15 AM, Dr. David Kirkby wrote:
Dr. David Kirkby wrote:
I was not actually suggesting shipping OpenSSL, as I knew there were
license implications.
But I think you would have to agree it is pretty annoying for someone
to download Sage, start a build, then the build fail due to lack of
OpenSSL.
I do not believe this issue is unique to Solaris either. I very much
doubt Cygwin, or many small linux distos come with OpenSSL, but it
would need to be selected, then downloaded from a server. So one
could not argue the operating system comes with it.
I just installed cygwin. Sure enough, there is no SSL support by
default. You have to make a positive effort to select it. As such, I
do not believe OpenSSL is a library that is part of the normal Cygwin
distribution. Just selecting all the defaults will give you no OpenSSL
libraries.
It seems to me, there are 3 choices.
1) Get the Python developers to agree to allow python to link against
OpenSSL. Then you could
* Ship OpenSSL
* Get rid of a load of stuff.
That seems the best solution to me, IF they would agree. It's not one
you can expect to do today though.
2) Stop supporting Sage on any platform which does not come with SSL
as part of the normal operating system distribution - that would
include both Solaris and Cygwin. That seems the dumbest idea.
3) Change Sage so that the hashlib module of python is not essential
for a functioning Sage. That is I suspect the easiest option. I don't
claim to understand how Sage builds fully, but I would have thought
crypto support was not a requirement.
The only place I know it's used is to serve up secure notebooks, but I
bet its used elsewhere too. I see another option
IF that is all, then that hardly seems a major loss of functionality. I bet most
people don't use the secure notebooks anyway. I can see they have advantages
though, especially for commercial users. I admit, that is something I would like
myself, but I personally would just install OpenSSL.
4) Write our own hashlib using gnutls that gets installed if the SSL one
isn't made. Whether or not this is sufficient depends on how much we use
from it.
- Robert
Sounds logical to me, though I think I remember William saying gnutls was
something like 100x slower than OpenSSL for something. I can't recall what
however - it might have been a dream!
Dave
--
To post to this group, send an email to sage-devel@googlegroups.com
To unsubscribe from this group, send an email to
sage-devel+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/sage-devel
URL: http://www.sagemath.org
