• FizzyOrange@programming.dev
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      2 months ago

      Unless the binary size difference is insane, who would say “oh well we were going to pick the library that wasn’t riddled with security issues but we decided to save 2MB instead, hope that makes you feel better about your $12m cybersecurity fine!”.

      • KamikazeRusher@lemm.ee
        link
        fedilink
        arrow-up
        4
        ·
        2 months ago

        There are only going to be edge-cases where the binary size will really cause headache. Individual projects probably won’t worry too much about a size difference if it’s less than 10-20MB.

          • KamikazeRusher@lemm.ee
            link
            fedilink
            arrow-up
            7
            ·
            2 months ago

            I don’t doubt that some places care about a 1MB size difference. After all, some embedded systems with limited storage need every megabyte they can spare.

    • Solemarc@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      9
      ·
      2 months ago

      I can’t be bothered to build them but looking at the releases on GitHub openssl 3.4.0 is 17.5mb and rustls is 2.6mb. both of these releases are source files not binaries but I don’t see how rustls could possibly be larger than openssl.

      • Username@feddit.org
        link
        fedilink
        arrow-up
        18
        ·
        2 months ago

        Comparing source code sizes is completely meaningless. Rust projects are usually smaller with far more granular dependencies.