[Pkg-clamav-devel] clamav 0.98.3 released
Scott Kitterman
debian at kitterman.com
Sat May 10 00:13:27 UTC 2014
On May 9, 2014 5:51:24 PM EDT, Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> wrote:
>Hi,
>
>On 09.05.2014 23:31, Andreas Cadhalpun wrote:
>> Maybe we could replace OpenSSL with gnutls?
>> From the Changelog:
>> * Replace in-house crypto code (md5, sha1, sha256 hashing
>algorithms)
>> with calls to OpenSSL. This makes OpenSSL a required dependency for
>the
>> engine.
>>
>> I guess gnutls has quite similar functionality?
>> But I don't know, how difficult it would be to switch.
>
>GnuTLS has a compatibility layer for OpenSSL [1]. Using this, it might
>be possible to simply switch the headers.
>(We might get problems though: "Error handling is not thread safe.")
Since clamav is only using openssl functions internally, packages that use libclamav don't need the openssl exception. What they have is adequate for being in Debian. If they miss the exception in files where it should be, we should file bugs upstream. Given what is in the README, their intent is clear.
I'd rather stick with what upstream is using and not switch to GNUtls.
Scott K
More information about the Pkg-clamav-devel
mailing list