| 1 |
> On 29 Dec 2020, at 09:13, Marcel Schilling <marcel.schilling@××××××××××.de> wrote: |
| 2 |
> |
| 3 |
> |
| 4 |
> I just want to comment that I switched to LibreSSL on several Gentoo |
| 5 |
> systems years ago and never had any major issues. |
| 6 |
> I run both desktop and server systems with LibreSSL, based on X and |
| 7 |
> Wayland. The only issues I ran into is a slight lag of the overlay |
| 8 |
> behind the main tree so once in a while I had to mask a new version of |
| 9 |
> some package for a week or so. |
| 10 |
|
| 11 |
It is largely one person who is under a lot of stress to provide updated |
| 12 |
patches ASAP. Some upstreams have made clear they will never |
| 13 |
accept LibreSSL patches and life becomes harder as they adopt |
| 14 |
new APIs not yet supported in the Libre variant. |
| 15 |
|
| 16 |
TL;DR: I’d be fine with keeping LibreSSL if we had (an influx of) people |
| 17 |
coming up with patches that are sustainable, upstreamed, and not just |
| 18 |
crippling functionality. |
| 19 |
|
| 20 |
> So from a pure user perspective, thing change would mean a risky update |
| 21 |
> to systems running stable for years with no gain whatsoever. |
| 22 |
|
| 23 |
This isn’t quite right. Users cannot upgrade to new versions of software, |
| 24 |
possibly with security fixes, until a new patch is created and applied. |
| 25 |
|
| 26 |
This recently happened with mupdf. |
| 27 |
|
| 28 |
One of our developers runs several high-bandwidth Tor relays which |
| 29 |
were broken with LibreSSL and still haven’t been fixed. But I accept |
| 30 |
that you’ve had a pain-free experience. |
| 31 |
|
| 32 |
> So even if LibreSSL does not provide any advantage over OpenSSL |
| 33 |
> (anymore), dropping support would do harm. |
| 34 |
> That said, I do understand maintainer burden and I will probably be fine |
| 35 |
> with such a change. But I have to say that over the last ten years, |
| 36 |
> Gentoo does feel a lot less focussed on choice than it used to and I am |
| 37 |
> counting the days until is deemed 'unpractical' to support legacy boot, |
| 38 |
> non-systemd init or 'exotic' arches. ;-) |
| 39 |
> |
| 40 |
|
| 41 |
I don’t think this is true. We support equality of openrc vs systemd and |
| 42 |
if you think there’s deficits there, please let us know - although of course |
| 43 |
help is welcome (and needed for OpenRC). |
| 44 |
|
| 45 |
And on arches, I spend a lot of my time testing packages on various |
| 46 |
exotic architectures, so it’d be good to have some concrete examples |
| 47 |
of what’s bothering you. |
| 48 |
|
| 49 |
I don’t think being realistic about what we can support is wrong, |
| 50 |
but I’m also not sure we’ve been particularly aggressive or wrong |
| 51 |
with any of those decisions... |
| 52 |
|
| 53 |
> Best, |
| 54 |
> Marcel |
| 55 |
|
| 56 |
— |
| 57 |
My position is that I’d prefer to just mask it and make clear it’s |
| 58 |
unsupported rather than remove at all. |
| 59 |
|
| 60 |
There’s little to be gained from fully removing - we can just treat it like |
| 61 |
musl/prefix/whatever else, i.e. a niche thing which we support with best-effort |
| 62 |
(and it might be a bit patchy). |
| 63 |
|
| 64 |
Thanks, |
| 65 |
Sam |
Archives