[gnutls-dev] Re: libgwenhywfar and gnucash

[Thomas Bushnell BSG]

Simon Josefsson <jas at extundo.com> writes:

> Where have you seen this?  I don't think we advertise the OpenSSL
> compatibility layer in GnuTLS prominently, and when it is mentioned,
> it should says that it is unfinished and limited.

It's common lore over in Debian-land. :)

But then, it's all we have.

> If you'd tell us where you got this impression, I could try to improve
> the documentation.
>
> The OpenSSL emulation layer in GnuTLS is quite thin, and I wouldn't
> recommend anyone to use it unless they have a very strong reason to do
> so.  I haven't seen a good reason here yet.

Debian has made extremely heavy use of it, because of the noxious
license on openssl.  We don't have a choice.  It's really to the point
where we can either drop ssl support from Debian, or use
-lgnutls-openssl.

And nobody seems to be reporting lots of bugs. ;)  This case is a
quite unusual one, because gwenhywfar asks for rather more from
openssl/crypto than most apps.

> I'm listening.  First I'd like to try to convince you to use the
> GnuTLS API instead.  It will probably be less work than fixing the
> OpenSSL compatibility layer to do what you want.  What do you think?

It's not me.  It's gwenhywfar.  He thinks he's done all he can by
giving the openssl-exception to the GPL.

The irony, oddly, is that gwenhywfar is billed as a compatibility
library.  So maybe I can convince him to backend to gnutls also.

One thing I think he's worried about is that file formats *must* be
compatible for the sake of existing users.  Can we guarantee him that?