Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 May 2013 10:08:52 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: High-priority library replacements?

On Thu, May 09, 2013 at 09:36:18AM +0200, Daniel Cegiełka wrote:
> 2013/5/9  <idunham@...abit.com>:
> 
> > Tropicssl is a fork of polarssl, but as far as I can tell they haven't
> > fixed CVEs 2013-0169, 2013-1621, and 2013-1622 yet.
> >
> > While I agree with their view of the license switch, the activity (or
> > lack thereof) does not seem promising.
> 
> The problem is that we have the choice to either accept the GPL
> (CyaSSL, PolarSSL) or write own implementation of a ssl from
> scratch... or use eg tropicssl as a ssl base.
> 
> btw.  license issue - can we legally link noxcuse (GPL) with musl (MIT)? :)

Of course; otherwise musl would be rather useless since there's a huge
corpus of GPL code you want to link and run. The point of a permissive
license is that it does not restrict you from doing things like this.

BTW, I'll probably relicense noxcuse anyway. I just never got around
to doing much/anything with it after initially publishing it. The main
app in it that's really useful right now though is iconv, since
Busybox lacks iconv and glibc iconv is glibc-specific.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.