Many projects out there support not just a single crypto library like OpenSSL but others like GnuTLS and NSS as well. While building the project, a switch must be enabled or changed. Some projects even default not to OpenSSL. I saw Curl, which supports all three via six different packages, three runtime packages, and three -dev packages.
Debian is very much OpenSSL. However, I see some packages default to GnuTLS or even NSS without providing OpenSSL, although their source project supports it. Question(s): Is there a recommendation/guideline/policy that package maintainers should prefer a specific crypto library (OpenSSL?) if they cannot support all of them? If not, is there an argumentation aid to convince package maintainers. Then, I would use that aid to file a wishlist on the bug tracking system for those projects, I know an alternative crypto library exists.
