TLS Libraries
azrdev at qrdn.de
azrdev at qrdn.de
Fri Jun 26 06:59:36 EDT 2015
Hi,
>> I'm not a fan of putting all the security eggs in one basket :)
>
> In what sense do you mean this? Each individual Pidgin install (unless
> the user is doing something particularly unique and weird) will only use
> one TLS library, right? One's TLS library is largely predetermined, too,
> because almost everyone uses either the Windows binary or a *nix
> package.
>
> In that case, we'd only have multiple baskets in terms of switching to
> another TLS library in a later version. However, GnuTLS and NSS are both
> big and widely used projects, so any security issue would be fixed long
> before we could execute a mass basket-switch.
As long as both NSS and GnuTLS are supported and availiable in Makefiles
and source code, switching the "basket" is a matter of just releasing a
minor version with different compile flags, probably only needing
downstream packagers.
In case something like heartbleed dictates a library change, this is
much more handy than to wait for the pidgin core to be migrated.
Just my 2 cents
Jonathan
More information about the Devel
mailing list