| 1 |
On 09/30/2015 02:10 PM, Kristian Fiskerstrand wrote: |
| 2 |
> On 09/30/2015 01:51 PM, Rich Freeman wrote: |
| 3 |
> |
| 4 |
>> I think it was fair to pause to see if somebody could come up with |
| 5 |
>> a better solution that allows co-existence, but absent that I |
| 6 |
>> don't see any benefit from keeping libressl out of the tree. |
| 7 |
>> We'll just experience all the downsides of the fork without the |
| 8 |
>> upsides. |
| 9 |
> |
| 10 |
> This is what worries me as well, as it increase workload and |
| 11 |
> complexity affecting multiple projects without any immediate and |
| 12 |
> obvious gain. |
| 13 |
> |
| 14 |
|
| 15 |
I'm not sure if you have followed the link I just posted: |
| 16 |
https://en.wikipedia.org/wiki/LibreSSL#Security_and_vulnerabilities |
| 17 |
|
| 18 |
0 vs 5 high severity vulnerabilities is a pretty obvious gain. |
| 19 |
|
| 20 |
And that's also one pretty good reason to not delay this like the git |
| 21 |
migration. |
| 22 |
|
| 23 |
If it was about me, I'd simply remove openssl from gentoo altogether to |
| 24 |
reduce maintenance load and avoid the choice-for-the-sake-of-choice |
| 25 |
situation, but it's not my package and not my call, so I basically don't |
| 26 |
care. |
| 27 |
|
| 28 |
|
| 29 |
Anyway, I feel like this thread is now definitely drifting offtopic, so |
| 30 |
I'm probably not going to follow much of this anymore. Feel free to ping |
| 31 |
me directly if there's something actually relevant. |
Archives