[OpenWrt-Devel] [PATCH 0/4] dnsmasq: DNSSEC support

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Jun 16 05:56:33 EDT 2014


On Mon, Jun 16, 2014 at 10:53 AM,  <edgar.soldin at web.de> wrote:
>> On the contrary I'd prefer if it doesn't. Nettle is an open project
>> under LGPL that anyone can contribute to and can be reused by a variety
>> of software; polarssl is a closed commercial project under a commercial
>> license with a GPLv2 exception.
> according to
>  https://polarssl.org/how-to-get
> you can use the polarssl library properly under copyleft GPL2. if they offer additional licenses does not matter.

That's what I already mentioned. The difference with open-source
software is the missing "how to contribute page" (I consider the
presence of a developer community a vital part of being open source).
Otherwise, tomorrow you could be left with a GPLv2 codebase that is
outdated and unmaintained if the X company desires that the GPLv2
codebase they release is no longer a good marketing approach.
Another risk is to wait for years (or eternity) to get features that
paying customers get (see matrixssl).

On Mon, Jun 16, 2014 at 10:51 AM, Steven Barth <cyrus at openwrt.org> wrote:
>> On the contrary I'd prefer if it doesn't. Nettle is an open project
>> under LGPL that anyone can contribute to and can be reused by a variety
>> of software; polarssl is a closed commercial project under a commercial
>> license with a GPLv2 exception.
> Oh well, I sometimes have the feeling if it's open-source + backed by a company there is more interest in avoiding another case of heartbleed

You could be right, but I'd expect a different set of bugs to be
present rather than no bugs. Being commercial doesn't imply there are
no bugs. My experience shows the contrary (and both openssl and gnutls
are far from being non-commercial as they are backed by several
companies that either contribute code or hire their developers). The
advantage small implementations have initially over gnutls and openssl
is the fact that they are smaller and support far fewer features, thus
they are easy to check and have a smaller attack vector. Their
disadvantage is that they need to get on par with the features of the
other libraries (see for example how supporting cryptodev and modern
algorithms improves performance in a small system [0], thus using a
mainstream implementation pays off).

In any case my opinion is biased as I am working on gnutls.

regards,
Nikos

[0]. http://nmav.gnutls.org/2012/04/in-some-embedded-systems-space-may.html