From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Florian Larysch <fl@n621.de>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/network-manager: make cryptography library optional
Date: Sat, 31 May 2025 10:56:27 +0200 [thread overview]
Message-ID: <20250531105627.12ba07de@windsurf> (raw)
In-Reply-To: <20250530221136.jnf4d76j4fidh6aw@n621.de>
Hello Florian,
On Sat, 31 May 2025 00:11:36 +0200
Florian Larysch <fl@n621.de> wrote:
> Okay great, I think that's the preferable option too if breaking
> compatibility is fine. I'll send a new version of the patch.
>
> Is there a list of breaking changes I should add to?
You can add it to:
docs/manual/migrating.adoc
in a new section "Migration to 2025.08", since your change will be
applied to "next", which will only appear in the 2025.08 release.
> > We might discuss whether gnutls should take priority on libnss if both
> > are available. Maybe NM documents that one is "better" over the other?
>
> I haven't found any explicit statements to either effect. Support for
> both libraries has been present from day one back in 2007.
>
> Data points in favor of libnss:
>
> - It's the default value in the NM build system, so it would be the
> preferred backend if both are available
>
> - It's probably the more mature of the two, given that it's being used
> in Mozilla products
>
> Data points in favor of gnutls:
>
> - While both backends seem feature-equivalent, the
> _nm_crypto_verify_pkcs8 function is stubbed out in the libnss code[1]
>
> - Both Debian and Fedora explicitly select gnutls in their packages. I
> can't find the reasoning for Debian but at least for Fedora it seems
> to have been a conscious choice[2].
>
> Given what it's actually used for in the code base, I don't think the
> choice really matters much when both options are available. I'd slightly
> lean towards gnutls just because it's marginally more feature-complete.
> How do you feel about this?
Wow, thanks for this super comprehensive research. I'm totally fine
with your reasoning. Make sure to copy/paste this whole research into
your commit log as the justification of why gnutls has been chosen as
the default.
Thanks a lot!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2025-05-31 8:56 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-27 15:23 [Buildroot] [PATCH 1/1] package/network-manager: make cryptography library optional Florian Larysch
2025-05-30 20:01 ` Thomas Petazzoni via buildroot
2025-05-30 22:11 ` Florian Larysch
2025-05-31 8:56 ` Thomas Petazzoni via buildroot [this message]
2025-05-31 14:39 ` [Buildroot] [PATCH v2 0/2] package/network-manager: make crypto " Florian Larysch
2025-11-17 13:01 ` Florian Larysch
2025-05-31 14:39 ` [Buildroot] [PATCH v2 1/2] " Florian Larysch
2025-07-08 9:13 ` Marcus Hoffmann via buildroot
2026-02-03 22:01 ` Marcus Hoffmann via buildroot
2025-05-31 14:39 ` [Buildroot] [PATCH v2 2/2] package/network-manager: switch default crypto provider to gnutls Florian Larysch
2025-07-08 9:16 ` Marcus Hoffmann via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250531105627.12ba07de@windsurf \
--to=buildroot@buildroot.org \
--cc=fl@n621.de \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.