From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark H Weaver <mhw@netris.org>
Subject: Re: [PATCH] Libressl
Date: Mon, 15 Jun 2015 16:15:40 -0400
Message-ID: <87eglciv83.fsf@netris.org>
References: <20150615191102.GA4777@debian>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43752)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1Z4anc-0006SA-U0
	for guix-devel@gnu.org; Mon, 15 Jun 2015 16:16:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1Z4anX-0006Qg-Uq
	for guix-devel@gnu.org; Mon, 15 Jun 2015 16:16:04 -0400
Received: from world.peace.net ([50.252.239.5]:56493)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mhw@netris.org>) id 1Z4anX-00064e-L9
	for guix-devel@gnu.org; Mon, 15 Jun 2015 16:15:59 -0400
In-Reply-To: <20150615191102.GA4777@debian> (Andreas Enge's message of "Mon,
	15 Jun 2015 21:11:02 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org

Andreas Enge <andreas@enge.fr> writes:

> the attached patch adds libressl. As you can see, it is quite a bit simpler
> than the openssl package, which already inspires confidence. I think we
> should add the package;

Agreed.

> the next question would be whether we should switch
> all inputs from openssl to libressl. I tried it for fetchmail, and it works
> just the same.

I would be in favor of trying this in core-updates.  I have a lot more
confidence in the security of LibreSSL than OpenSSL.  The name
"LibreSSL" also better reflects the values of the free software
movement, which is a nice bonus.

> I also wonder whether we should not unite gnutls.scm and openssl.scm into
> one tls.scm.

Sounds good to me.

> +    ;; Files taken from OpenSSL keep their license, others are under various
> +    ;; non-copyleft licenses.
> +    (license (list license:openssl
> +                   (license:non-copyleft
> +                     "file://COPYING"
> +                     "See COPYING in the distribution.")))))

The COPYING file says that the OpenSSL code is under the OpenSSL license
and the new contributions are under ISC or public domain, so how about
this instead?

    (license (list license:openssl
                   license:isc)))))

   Thank you!
      Mark