On Wed, 27 Jan 2010 01:17, ans...@43-1.org said: > There are enough sensible reasons for an application using gcrypt only > indirectly (eg. applications using gnutls should not need to care which > cryptographic library is used by it, more so for applications that only > use a library like libcurl that uses gnutls, but can also use OpenSSL).
There is an easy solution to this: Use your own memory handler. Anyway, they need to care about this; read the gcrypt manual to see why this is important. In general all these inter-library dependencies are a mess. They subvert the assumptions of carefully written software. We have seen large trees of dependencies whre severeal vesion of the same library are in use - that works only by coincidence and yields bugs which are very hard to track down. There is also a licences compliance problem with this approach: I noticed in several cases OpenSSL used along with GPL software due to dependencies the developer was not aware of (e.g. OpenLDAP). Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
