| 1 |
Hi, |
| 2 |
|
| 3 |
On 28/12/2020 11:56, Michał Górny wrote: |
| 4 |
> Hello, developers and Gentoo LibreSSL team. |
| 5 |
> |
| 6 |
> TL;DR: is there really a point in continuing the never-ending always- |
| 7 |
> regressing struggle towards supporting LibreSSL in Gentoo? |
| 8 |
> |
| 9 |
|
| 10 |
I don't agree. |
| 11 |
|
| 12 |
I have asked ~20 users who made any contributions (like bug reports or patches) |
| 13 |
recently, and almost all of them think that having a choice between OpenSSL |
| 14 |
and LibreSSL adds value to Gentoo. Some still trust LibreSSL more than OpenSSL |
| 15 |
because of its sins of the past. Although I can see that OpenSSL made a good |
| 16 |
progress in the latest several years. Anyway LibreSSL serves well to some |
| 17 |
number of users, and switching back to OpenSSL can be troublesome (think if you |
| 18 |
had dozens of servers running LibreSSL). |
| 19 |
|
| 20 |
LibreSSL support in Gentoo is not critical for me. But it doesn't take too |
| 21 |
much effort. I think the cost-benefit ratio is good enough for keeping it. |
| 22 |
|
| 23 |
Last but not least, the LibreSSL itself is well, alive and actively developed. |
| 24 |
People might want to use it. I see no good reasons not to support it, |
| 25 |
other than lack of time, will and effort. |
| 26 |
I really think that ability to choose (even between things that do not have |
| 27 |
great advantage over each other) - is a value in itself. |
| 28 |
|
| 29 |
> |
| 30 |
> The vast majority of software is not tested against LibreSSL. While |
| 31 |
> patches are usually trivial and we have people that submit them, |
| 32 |
> I find many of them short-sighted. Just look at [1]. Sure, it fixes |
| 33 |
> the build today but it disabled the feature for all foreseeable future. |
| 34 |
> How likely is it that somebody will submit another patch reenabling it |
| 35 |
> with a future LibreSSL version? |
| 36 |
|
| 37 |
The likelihood is greater than zero: |
| 38 |
https://github.com/lighttpd/lighttpd1.4/commit/57f450f1992fc4e28cf85969eeebccb240df4303 |
| 39 |
https://github.com/gentoo-mirror/gentoo/commit/c7792db235647a6441b315528997b40ba2beeaaa |
| 40 |
https://github.com/Yubico/yubico-piv-tool/commit/3bcd36bbdbbdc86d06cc53df7e3b7c30d12cd33e |
| 41 |
etc... |
| 42 |
|
| 43 |
That was why I disagree. |
| 44 |
|
| 45 |
But I'll acquiesce in the decision to remove LibreSSL, because the number of |
| 46 |
developers that actually work on LibreSSL support is about 1.5. And unfortunately |
| 47 |
I don't have much time and effort for Gentoo currently, because of the main job |
| 48 |
and other life (I hope it will change soon though). |
| 49 |
|
| 50 |
I would be happier if some other developers were able and willing to participate |
| 51 |
actively in the LibreSSL project. But if not, not. |
| 52 |
Just make the transition as painless as possible. |
Archives