Bug#446036: exim4: please compile against openssl instead of gnutls

Stephen Gran sgran at debian.org
Wed Oct 10 00:12:51 UTC 2007 

Package: exim4
Version: 4.63-17
Severity: normal

Hello,

The subject pretty much says it all.  I see that there are a half dozen
TLS related bugs open in the BTS about odd failures that will most likely
disappear if you use the more robust implementation.  Additionally,
openssl uses less system entropy for the same cryptographic strength
(there go your bugs about the gnutls random seed) and most importantly
for me, openssl actually supports full certificate chain lookups, so
you can be guaranteed that this cert was signed was signed by that ca.
gnutls does not, to the best of my knowledge.

I fully understand the desire to assist gnutls, but until it provides a
comparable feature set at a comparable performance level, I think that
the default MTA in Debian could do slightly better.  It's not as if
there's a licensing issue - there is an explicit excemption for openssl.

Ordinarily I would make a 'please do such and such in the packaging'
bug severity: wishlist, but given how many other open bugs appear to be
directly related to this choice, and how far gnutls is from providing some
fairly crucial features, I think that wishlist is too low a priority.
That being said, I am not interested in BTS ping pong and won't argue
if you decide to downgrade the bug.

Thanks,

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US.utf-8, LC_CTYPE=en_US.utf-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf-8)

-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran at debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-exim4-maintainers/attachments/20071010/7f1421e5/attachment.pgp

More information about the Pkg-exim4-maintainers mailing list