[cooker] RPM why not use internal beecrypt ?


why our RPM uses external crypto engine which is set to OpenSSL ?
Isn't this a overkill ?

I'd like to suggest ti use RPM's internal beecrypt as a crypto engine. WDYT

No. BeeCrypt is completely unmaintained these days. And RPM does not
bundle beecrypt either. You still need to ship the library.

We use OpenSSL because it's currently the fastest and best maintained
crypto backend. I explicitly picked it because of that. In the future,
we may switch to the newer gcrypt backend, but for now, we're using

NSS is a ridiculous pain to deal with these days with constant ABI/API
breaks, so it's not a reasonable option for RPM.

Thanks for clarification. I had that wrong idea about that beecrypt is
completed :frowning:
I saw that latest commits adds libgcrypt support to RPM. Do you think that
switching to libgcrypt may give us some benefits ?

I need to do some more tests, but at least there's a preliminary
benefit of speed (hashing functions take 50% less time). And with
gcrypt ABI breaking a lot less often than OpenSSL, it's a very
attractive option.