From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 48F4A1382C5 for ; Tue, 30 Jan 2018 23:23:10 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2618BE0B35; Tue, 30 Jan 2018 23:23:05 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B12C8E0B0C for ; Tue, 30 Jan 2018 23:23:04 +0000 (UTC) Received: from a1i15.kph.uni-mainz.de (host2092.kph.uni-mainz.de [134.93.134.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ulm) by smtp.gentoo.org (Postfix) with ESMTPSA id 2F1AC335C63; Tue, 30 Jan 2018 23:23:02 +0000 (UTC) Message-ID: <23152.65107.266869.334200@a1i15.kph.uni-mainz.de> Date: Wed, 31 Jan 2018 00:22:59 +0100 To: gentoo-dev@lists.gentoo.org Cc: =?iso-8859-2?Q?Micha=B3_G=F3rny?= Subject: Re: [gentoo-dev] [PATCH] use.desc: Correct/clarify SSL/TLS-related flags In-Reply-To: <20180130221106.11245-1-mgorny@gentoo.org> References: <20180130221106.11245-1-mgorny@gentoo.org> X-Mailer: VM 8.2.0b under 24.3.1 (x86_64-pc-linux-gnu) From: Ulrich Mueller Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="pgp+signed+Pfim3vxBv8Gd5sj"; micalg=pgp-sha256; protocol="application/pgp-signature" X-Archives-Salt: e20bfa46-b8d6-4637-92d7-ea1c908624af X-Archives-Hash: 618beb333a7f29b33f8be323d3647f4b This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --pgp+signed+Pfim3vxBv8Gd5sj Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: quoted-printable >>>>> On Tue, 30 Jan 2018, Micha=B3 G=F3rny wrote: > Correct the description of SSL/TLS-related flags to match their moder= n > use. USE=3Dssl is a feature flag that enables support for SSL/TLS, > while USE=3Dgnutls and USE=3Dlibressl are implementation toggling fla= gs. > Unify the descriptions a bit. Make sure to mention both SSL and TLS > to avoid confusion. Inform about the necessity of enabling USE=3Dssl > in both implementation flags, and replace 'might' with 'if present'. > --- > profiles/use.desc | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > diff --git a/profiles/use.desc b/profiles/use.desc > index 43423a017a5f..4ac5d5ad6136 100644 > --- a/profiles/use.desc > +++ b/profiles/use.desc > @@ -119,7 +119,7 @@ gmp - Add support for dev-libs/gmp (GNU MP librar= y) > gnome - Add GNOME support > gnome-keyring - Enable support for storing passwords via gnome-keyri= ng > gnuplot - Enable support for gnuplot (data and function plotting) > -gnutls - Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 suppor= t) > +gnutls - Prefer net-libs/gnutls as SSL/TLS provider (requires USE=3D= ssl if present) NACK. This seems to imply that USE=3D"-ssl gnutls" is not a valid configuration=3F What if the user prefers gnutls and therefore has globally enabled the gnutls flag, but -ssl for a single package=3F How about "(needs USE=3Dssl to take effect)" instead=3F > gphoto2 - Add digital camera support > gpm - Add support for sys-libs/gpm (Console-based mouse driver) > gps - Add support for Global Positioning System > @@ -179,7 +179,7 @@ libcaca - Add support for colored ASCII-art graph= ics > libedit - Use the libedit library (replacement for readline) > libffi - Enable support for Foreign Function Interface library > libnotify - Enable desktop notification support > -libressl - Use dev-libs/libressl as SSL provider (might need ssl USE= flag), packages should not depend on this USE flag > +libressl - Use dev-libs/libressl instead of dev-libs/openssl as SSL/= TLS provider (requires USE=3Dssl if present), packages should not depen= d on this USE flag Same here. > libsamplerate - Build with support for converting sample rates using= libsamplerate > libwww - Add libwww support (General purpose WEB API) > lirc - Add support for lirc (Linux's Infra-Red Remote Control) > @@ -319,7 +319,7 @@ sox - Add support for Sound eXchange (SoX) > speex - Add support for the speex audio codec (used for speech) > spell - Add dictionary support > sqlite - Add support for sqlite - embedded sql database > -ssl - Add support for Secure Socket Layer connections > +ssl - Add support for SSL/TLS connections (Secure Socket Layer / Tra= nsport Layer Security) > startup-notification - Enable application startup event feedback mec= hanism > static - !!do not set this during bootstrap!! Causes binaries to be = statically linked instead of dynamically > static-libs - Build static versions of dynamic libraries as well > --=20 > 2.16.1 --pgp+signed+Pfim3vxBv8Gd5sj Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCAAGBQJacP4/AAoJEMMJBoUcYcJzNKoH/RLT48S9fXutGBArJcKmAHeV Bxksns4bvpm8JHCr1KnZb15nwuuD35rrEWOs9E2jpg/TCXpTzjGG6ThghIFtIC38 qzela7WFonz/ofqvxz/LFwvgG6EqH+FF4C6ZGszhf6T0zXNsvvK2p9TnvGe+0v7C pxUe1wpRrxZfR0oUrzDHVZUbIN4ArrhUGt5LG5JJm8eJ5kt/BbivczhNcATRInkm B8aUgsgdijxAP/TjVSLJd5BNwsTvyqNRyXGcZ+b/Lr087nB4NEIaOZSxoWsLBKpM DVNDKq16VVADxqGl7fYRWfWX5HpgzS1IeYxU63XIl/ngG8+qPx3p9stVWSTQhHs= =QU+6 -----END PGP SIGNATURE----- --pgp+signed+Pfim3vxBv8Gd5sj--