Hi, I have been working on an Arch fork for the past several months, and thus have been following Arch developments closely. I noticed this commit ( http://projects.archlinux.org/gitweb.cgi?p=pacman.git;a=commit;h=b8a66d68593... ), where OpenSSL replaces the usage of md5sum and sha1sum utilities for Pacman. While I like the idea of using libraries instead of external binaries, I feel that linking to OpenSSL complicates a few things. For one, it is big, and must be included with any non-static binaries of Pacman (in the installer, this would not be so ideal, unless OpenSSL is included anyways). Another, is that it is simply not legal under the GPL. OpenSSL includes an advertising clause that makes it incompatible with the GPL. Wget and climm had to modify their GPL licenses to link to it ( http://en.wikipedia.org/wiki/Openssl#Licensing ). I purpose using GNUTLS instead. It is released under the LGPLv2.1, should be fully capable, and is compatible with the GPL. Many projects that use OpenSSL can also optionally link to GNUTLS instead, so I would suggest doing so with all possible packages (lftp, elinks, wget). What are your thoughts about this? Pacman is an excellent package manager; thank you for all of the work that you put into it. Cheers, Teran (sega01)