1 |
Hi, |
2 |
|
3 |
On 28/12/2020 11:56, Michał Górny wrote: |
4 |
> Hello, developers and Gentoo LibreSSL team. |
5 |
> |
6 |
> TL;DR: is there really a point in continuing the never-ending always- |
7 |
> regressing struggle towards supporting LibreSSL in Gentoo? |
8 |
> |
9 |
|
10 |
I don't agree. |
11 |
|
12 |
I have asked ~20 users who made any contributions (like bug reports or patches) |
13 |
recently, and almost all of them think that having a choice between OpenSSL |
14 |
and LibreSSL adds value to Gentoo. Some still trust LibreSSL more than OpenSSL |
15 |
because of its sins of the past. Although I can see that OpenSSL made a good |
16 |
progress in the latest several years. Anyway LibreSSL serves well to some |
17 |
number of users, and switching back to OpenSSL can be troublesome (think if you |
18 |
had dozens of servers running LibreSSL). |
19 |
|
20 |
LibreSSL support in Gentoo is not critical for me. But it doesn't take too |
21 |
much effort. I think the cost-benefit ratio is good enough for keeping it. |
22 |
|
23 |
Last but not least, the LibreSSL itself is well, alive and actively developed. |
24 |
People might want to use it. I see no good reasons not to support it, |
25 |
other than lack of time, will and effort. |
26 |
I really think that ability to choose (even between things that do not have |
27 |
great advantage over each other) - is a value in itself. |
28 |
|
29 |
> |
30 |
> The vast majority of software is not tested against LibreSSL. While |
31 |
> patches are usually trivial and we have people that submit them, |
32 |
> I find many of them short-sighted. Just look at [1]. Sure, it fixes |
33 |
> the build today but it disabled the feature for all foreseeable future. |
34 |
> How likely is it that somebody will submit another patch reenabling it |
35 |
> with a future LibreSSL version? |
36 |
|
37 |
The likelihood is greater than zero: |
38 |
https://github.com/lighttpd/lighttpd1.4/commit/57f450f1992fc4e28cf85969eeebccb240df4303 |
39 |
https://github.com/gentoo-mirror/gentoo/commit/c7792db235647a6441b315528997b40ba2beeaaa |
40 |
https://github.com/Yubico/yubico-piv-tool/commit/3bcd36bbdbbdc86d06cc53df7e3b7c30d12cd33e |
41 |
etc... |
42 |
|
43 |
That was why I disagree. |
44 |
|
45 |
But I'll acquiesce in the decision to remove LibreSSL, because the number of |
46 |
developers that actually work on LibreSSL support is about 1.5. And unfortunately |
47 |
I don't have much time and effort for Gentoo currently, because of the main job |
48 |
and other life (I hope it will change soon though). |
49 |
|
50 |
I would be happier if some other developers were able and willing to participate |
51 |
actively in the LibreSSL project. But if not, not. |
52 |
Just make the transition as painless as possible. |