[Pkg-rust-maintainers] Bug#962508: switch libcurl to openssl by default

[Harlan Lieberman-Berg]

Package: cargo
Version: 0.43.1-3
Severity: wishlist

Hello fellow Rustaceans!

Because cargo has a direct dependency on OpenSSL, it seems logical that we
should switch the priority of openssl and gnutls so Cargo, at least by default,
isn't building against two different TLS implementations.

This is especially important considering GnuTLS has had some painful security
incidents recently: CVE-2020-13777 in particular.

Should just require switching the order of the libcurl dep in d/control.

Sincerely,

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cargo depends on:
ii  binutils            2.34-8
ii  gcc [c-compiler]    4:9.2.1-3.1
ii  gcc-8 [c-compiler]  8.4.0-4
ii  gcc-9 [c-compiler]  9.3.0-13
ii  libc6               2.30-8
ii  libcurl3-gnutls     7.68.0-1
ii  libgcc-s1           10.1.0-1
ii  libgit2-28          0.28.5+dfsg.1-1
ii  libssh2-1           1.8.0-2.1
ii  libssl1.1           1.1.1g-1
ii  rustc               1.42.0+dfsg1-1
ii  zlib1g              1:1.2.11.dfsg-2

cargo recommends no packages.

Versions of packages cargo suggests:
pn  cargo-doc  <none>
ii  python3    3.8.2-3

-- no debconf information