1 |
> On 29 Dec 2020, at 09:13, Marcel Schilling <marcel.schilling@××××××××××.de> wrote: |
2 |
> |
3 |
> |
4 |
> I just want to comment that I switched to LibreSSL on several Gentoo |
5 |
> systems years ago and never had any major issues. |
6 |
> I run both desktop and server systems with LibreSSL, based on X and |
7 |
> Wayland. The only issues I ran into is a slight lag of the overlay |
8 |
> behind the main tree so once in a while I had to mask a new version of |
9 |
> some package for a week or so. |
10 |
|
11 |
It is largely one person who is under a lot of stress to provide updated |
12 |
patches ASAP. Some upstreams have made clear they will never |
13 |
accept LibreSSL patches and life becomes harder as they adopt |
14 |
new APIs not yet supported in the Libre variant. |
15 |
|
16 |
TL;DR: I’d be fine with keeping LibreSSL if we had (an influx of) people |
17 |
coming up with patches that are sustainable, upstreamed, and not just |
18 |
crippling functionality. |
19 |
|
20 |
> So from a pure user perspective, thing change would mean a risky update |
21 |
> to systems running stable for years with no gain whatsoever. |
22 |
|
23 |
This isn’t quite right. Users cannot upgrade to new versions of software, |
24 |
possibly with security fixes, until a new patch is created and applied. |
25 |
|
26 |
This recently happened with mupdf. |
27 |
|
28 |
One of our developers runs several high-bandwidth Tor relays which |
29 |
were broken with LibreSSL and still haven’t been fixed. But I accept |
30 |
that you’ve had a pain-free experience. |
31 |
|
32 |
> So even if LibreSSL does not provide any advantage over OpenSSL |
33 |
> (anymore), dropping support would do harm. |
34 |
> That said, I do understand maintainer burden and I will probably be fine |
35 |
> with such a change. But I have to say that over the last ten years, |
36 |
> Gentoo does feel a lot less focussed on choice than it used to and I am |
37 |
> counting the days until is deemed 'unpractical' to support legacy boot, |
38 |
> non-systemd init or 'exotic' arches. ;-) |
39 |
> |
40 |
|
41 |
I don’t think this is true. We support equality of openrc vs systemd and |
42 |
if you think there’s deficits there, please let us know - although of course |
43 |
help is welcome (and needed for OpenRC). |
44 |
|
45 |
And on arches, I spend a lot of my time testing packages on various |
46 |
exotic architectures, so it’d be good to have some concrete examples |
47 |
of what’s bothering you. |
48 |
|
49 |
I don’t think being realistic about what we can support is wrong, |
50 |
but I’m also not sure we’ve been particularly aggressive or wrong |
51 |
with any of those decisions... |
52 |
|
53 |
> Best, |
54 |
> Marcel |
55 |
|
56 |
— |
57 |
My position is that I’d prefer to just mask it and make clear it’s |
58 |
unsupported rather than remove at all. |
59 |
|
60 |
There’s little to be gained from fully removing - we can just treat it like |
61 |
musl/prefix/whatever else, i.e. a niche thing which we support with best-effort |
62 |
(and it might be a bit patchy). |
63 |
|
64 |
Thanks, |
65 |
Sam |