1 |
> On 28 Dec 2020, at 10:02, Hanno Böck <hanno@g.o> wrote: |
2 |
> |
3 |
> If it has any weight: |
4 |
> I think I was the first person to build Gentoo with LibreSSL. I support |
5 |
> this. |
6 |
> |
7 |
|
8 |
I’m pleased to have yours and blueness’ input. Really, I think going |
9 |
is probably best. Just make it clear it can come back with some |
10 |
new backing, if that ever happens. |
11 |
|
12 |
Thinking about it some more, we recently had QtNetwork users without |
13 |
security patches for a few weeks because (and this is not his fault) there’s |
14 |
only a bus factor of 1 for updating compatibility on every point release of Qt. |
15 |
|
16 |
I’m also unconvinced that if we suddenly lost LibreSSL compatibility in some |
17 |
@system or otherwise popular package we could restore functionality in any |
18 |
reasonable timeframe. |
19 |
|
20 |
Bit sad to be here, but here we are. |
21 |
|
22 |
> I believe pretty much everything that LibreSSL originally was |
23 |
> (consistent codingstyle, cleanup of obsolete/dead code etc.) has |
24 |
> happened in OpenSSL these days. It's more that there's some myth around |
25 |
> LibreSSL from these early days (where the people behind it raised |
26 |
> back then valid criticism about OpenSSL) than any real value. |
27 |
|
28 |
This is exactly my experience. |
29 |
|
30 |
> |
31 |
> -- |
32 |
> Hanno Böck |
33 |
> https://hboeck.de/ |
34 |
> |