Re: Support for NSS as a libpq TLS backend

On Thu, Feb  3, 2022 at 02:33:37PM -0500, Robert Haas wrote:
> As a philosophical matter, I don't think it's great for us - or the
> Internet in general - to be too dependent on OpenSSL. Software
> monocultures are not great, and OpenSSL has near-constant security
> updates and mediocre documentation. Now, maybe anything else we

I don't think it is fair to be criticizing OpenSSL for its mediocre
documentation when the alternative being considered, NSS, has no public
documentation.  Can the source-code-defined NSS documentation be
considered better than the mediocre OpenSSL public documentation?

For the record, I do like the idea of adding NSS, but I am concerned
about its long-term maintenance, we you explained.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.