Re: A couple of questions and concerns about Emacs network security

[Eli Zaretskii]

> From: Paul Eggert <address@hidden>
> Date: Fri, 22 Jun 2018 15:43:35 -0700
> Cc: Lars Magne Ingebrigtsen <address@hidden>
> 
> > 2. Now that `starttls.el` and `tls.el` are obsolete, and GnuTLS doesn't
> >     seem to be doing a very good job, can we link to something better
> >     maintained, such as OpenSSL/LibreSSL/BoringSSL/NSS?
> 
> I would think the answer to that could be "yes" too. Despite its name, 
> GnuTLS is no longer GNU code, and we're under no obligation to promote 
> it. However, this would take some work. We'd surely want the option to 
> link to either GnuTLS or OpenSSL/etc.

GnuTLS may not be a GNU project in the formal sense, but nothing has
changed in its development methods or in its spirit since it was.
OpenSSL is even less of a GNU project, and AFAIR includes components
that are not even Free Software.  Moreover, having 2 different
libraries for the same task in Emacs will be a maintenance burden we
are better without, especially given the lack of active experts on
board.  I'd like to remind us all that we've just switched to GnuTLS
as the primary means in Emacs 26.1.

So my vote would be NO for switching away from GnuTLS.