[OE-core] [PATCH] libevent: enable OpenSSL unconditionally and update packaging
Richard Purdie
richard.purdie at linuxfoundation.org
Thu Nov 7 22:00:06 UTC 2019
On Thu, 2019-11-07 at 15:41 +0000, André Draszik wrote:
> On Thu, 2019-11-07 at 14:08 +0000, Richard Purdie wrote:
> > On Thu, 2019-11-07 at 14:01 +0000, André Draszik wrote:
> > > On Thu, 2019-11-07 at 13:26 +0100, Alexander Kanavin wrote:
> > > > I would rather keep the option to disable openssl, but simply
> > > > switch it on by default
> > >
> > > Why complicate things, what's the use-case? If libevent_openssl.so is
> > > not used by anything, that library will not be pulled in, as it is a
> > > separate package now.
> >
> > Build time dependencies and hence build speed?
> >
> > It sounds trivial but all these inter-dependencies do mount up so if we
> > don't need it, keeping things minimal has advantages.
> >
> > If there is a security issue in openssl, it's one more thing that would
> > have to be regenerated if a CVE fix were added too...
>
> What about helping make network connections more secure by enabling
> ssl by default? Is Yocto really advocating the use of unencrypted
> connections?
No. Information like that about impact would help sway this discussion
and should probably be in the commit message. It's a question of why as
well as what and how.
> If build time is the argument, why is stack protection enabled by
> default in the compiler?
> Why do other packages have OpenSSL support enabled by default?
>
> I could go on, but I don't care enough, v2 sent :-)
It is important, I suspect the commit message needs more info to help
ensure we make informed decisions...
Cheers,
Richard