Gentoo Archives: gentoo-dev

From: Quentin RETORNAZ <gentoo@××××××××.com>
To: 4df6a5db065612ebc633353a8efc5e2abe455d2a.camel@g.o, gentoo-dev@l.g.o
Cc: mgorny@g.o
Subject: [gentoo-dev] LibreSSL support
Date: Sat, 02 Jan 2021 19:06:32
1 Hello,
3 I was discussing with steils since he asked my opinion about this
4 subject.
6 I did ask on #libressl channel on Freenode about recent security
7 vulnerability between OpenSSL and LibreSSL. They told me[1] that in the
8 3 security vulnerabilities discovered in 2020 in LibreSSL, only 1 have
9 affected LibreSSL. Maybe that it is still more secure than OpenSSL.
11 steils suggested me to maintain LibreSSL overlay. I would be happy to
12 help on this. I  already did some contributions on this overlay.
14 Sincerely,
16 Quentin RETORNAZ.
18 [1]2021-01-01 02:08 <busterbcook> Late answer I know, but 3.3.1
19 released with the fix for CVE-2020-1971 (backported to 3.2.x and 3.1.x
20 as well).
21 2020-01-01 02:15 <busterbcook> Case_Of AFAIK, that's the only one in
22 2020 that was shared between the libraries, but it was fairly minimal
23 in real-world impact IIRC. The number of security bug reports for
24 either has been pretty minimal for both in the last year.
25 and
26 didn't affect LibreSSL
27 I believe.


File name MIME type
signature.asc application/pgp-signature