On 10/19/2017 11:49 AM, Jeffrey Walton wrote: > On Thu, Oct 19, 2017 at 5:35 AM, Tim Rühsen <tim.rueh...@gmx.de> wrote: >> Hi Jeffrey, >> >> thanks for heads up ! >> >> Does OpenSSL meanwhile have a PFS for their cipher list ? >> >> Currently it looks like that each and every client has to amend their >> cipher list from time to time. Instead, this should be done in the >> library. So that new versions automatically make the client code more >> secure. GnuTLS does it. >> >> >> That's one reason why we (wget developers) already discussed about >> dropping OpenSSL support completely. The background is that the OpenSSL >> code in Wget has no maintainer. We take (small) patches every now and >> then but there is no expert here for review or active progress. >> >> Having your random seeding issue in mind, there seems to be even more >> reasons to drop that OpenSSL code. >> >> If there is someone here who wants to maintain the OpenSSL code of Wget >> - you are very welcome (Let us know) ! In the meantime I'll ask the >> other maintainers about their opinion. > > Ack, just decide what you want to do. I should not influence the > project's processes or bikeshed.
That's the wrong attitude. It's an community driven open source project and every opinion and every input counts ! We will keep OpenSSL code for now - Ander Juaristi is willing to maintain that code :-) Regards, Tim
signature.asc
Description: OpenPGP digital signature