On Mon, Jan 31, 2011 at 6:08 PM, Juan Lang juan.lang@gmail.com wrote:
As Henri said, it's that it's a set of external dependencies (not just one; GnuTLS has its own dependencies) and that they are security-related. To the greatest extent practical, security-related libraries should come from one's distro or OS vendor.
Sure, I can buy that. I'll note that OpenSSL is also available for the Mac, and already loaded by wininet and winhttp. It could be appropriate to move from GnuTLS to OpenSSL for schannel, so we'd only have a single implementation for both Linux and Mac in schannel.
Just to be clear, legal issues were raised once before with OpenSSL. See here for Geoff Thorpe's reply regarding this issue: http://www.winehq.org/pipermail/wine-devel/2004-July/028061.html
It sounds like things aren't nearly as murky as other licenses, but if we were in the position where we had to ship OpenSSL ourselves we might run into a problem.
-Brian