Hi,

This is a very reasonable request and I strongly support it to be
implemented for trixie. Having two libraries less in the base system is
a welcome improvement. Uploaders, would you be okay with this being implemented?

Thanks,
Bastian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, Apr 17, 2025 at 02:20:09PM +0200, Bastian Germann wrote:

This is a very reasonable request

you'd think so, yet it was a reasonable choice to choose nettle over
openssl.

and I strongly support it to be
implemented for trixie. Having two libraries less in the base system is
a welcome improvement. Uploaders, would you be okay with this being implemented?

no.

certainly not now, as the trixie freeze has started. also please don't
just change the crypto library just because, similarily like you also
would not switch everything else to nettle, which would also mean one
library less.

we'll provide some longer explaination eventually.


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Auschwitz was at the end of a long process. It did not start from gas chambers.
This hatred was gradually developed by humans. From ideas, words, stereotypes
& prejudice through legal exclusion, dehumanization & escalating violence...
to systematic and industrial murder. Auschwitz took time.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmgBCt8ACgkQCRq4Vgaa qhwKog/9EIMBnQw57sAdmoW2h4qwOyrEu/mcv+huu/d6tH5V8/7g5YjvXZKOsnBf GuVwIISgVmponlgBf0bowFv7c9xMpod/yebxBRyl6elbJh6EPcGZJuHy877A/i4u dq6PkawSZFbG0aYFgi1wRFSJseN73zkyOaB1bN3pvhDXenz2GJj5ldTc1GxW0etk N8P5vVAWCn4o4oOwKhV00+RaxP8miMd3VYoa5hvxdviGB1igyWzg3hSEj5rWwfYT Sc/UVaaXQOcU+i4a90DtTNrckYUjdKCOKHgRCKDtGWT4qmMRwT1z33+AxuUl0wl9 eZ7MNSaceLkkPR53Rkr2B6EnYBP/PUgp114PYGGngm7TIvx6Jk5qp9m5NDvQSIPO
JflMrwpsxnxaNU

On Mon 2024-12-23 13:20:44 +0100, Julian Andres Klode wrote:

APT now build with OpenSSL (and sqv), hence sqv is the only thing
left pulling in nettle in the base system.

FWIW, i have more confidence in Nettle as a cryptographic backend than i
have in OpenSSL. If the project as a whole prefers to consolidate
everything to OpenSSL, i am not going to block. But from my perspective
Nettle is better engineered, with a more sensible API (as C APIs go), a
more compact footprint, and a narrower scope of work than OpenSSL.

Nettle will also be brought back into the end user system with many
other common tools, including wget, qemu, etc.

If it was just up to me, i'd be inclined to tag this wontfix for debian.

--dkg

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRjrBGOWy5dZsiKhad4C4VO2cK0lgUCaAEcoAAKCRB4C4VO2cK0 lhiaAP0c5m8sJgmr3TSEV/CAtOLLlaRB6aUx2JVif/iO1eUtNQD/Z720UcgN5Kmp 71dsxvKcpgsBM45z1s5MEFIzQDlPQAk=
=09kE
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)