netty-tcnative: Using BoringSSL in production?

[mohamed....@gmail.com]

Reading on the BoringSSL website, it says "We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability". 

Regarding the netty-tcnative maven artifact with BoringSSL statically linked, is using it recommended in production? I'd just be worried that a situation might come up that an urgent security patch to BoringSSL was made, but that there might be a large delay in implementing support for it in netty-tcnative because there were a lot of breaking changes made to BoringSSL... or is this not really a concern?

[Norman Maurer]

We have people of Google in the Netty Team so there should be no need to worry.

On 27 Jun 2016, at 05:12, mohamed....@gmail.com wrote:

Reading on the BoringSSL website, it says "We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability". 

Regarding the netty-tcnative maven artifact with BoringSSL statically linked, is using it recommended in production? I'd just be worried that a situation might come up that an urgent security patch to BoringSSL was made, but that there might be a large delay in implementing support for it in netty-tcnative because there were a lot of breaking changes made to BoringSSL... or is this not really a concern?

--
You received this message because you are subscribed to the Google Groups "Netty discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netty+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netty/f6a5d8ad-7288-44b3-9971-b178a9eafe62%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.