| 1 |
> On 28 Dec 2020, at 10:02, Hanno Böck <hanno@g.o> wrote: |
| 2 |
> |
| 3 |
> If it has any weight: |
| 4 |
> I think I was the first person to build Gentoo with LibreSSL. I support |
| 5 |
> this. |
| 6 |
> |
| 7 |
|
| 8 |
I’m pleased to have yours and blueness’ input. Really, I think going |
| 9 |
is probably best. Just make it clear it can come back with some |
| 10 |
new backing, if that ever happens. |
| 11 |
|
| 12 |
Thinking about it some more, we recently had QtNetwork users without |
| 13 |
security patches for a few weeks because (and this is not his fault) there’s |
| 14 |
only a bus factor of 1 for updating compatibility on every point release of Qt. |
| 15 |
|
| 16 |
I’m also unconvinced that if we suddenly lost LibreSSL compatibility in some |
| 17 |
@system or otherwise popular package we could restore functionality in any |
| 18 |
reasonable timeframe. |
| 19 |
|
| 20 |
Bit sad to be here, but here we are. |
| 21 |
|
| 22 |
> I believe pretty much everything that LibreSSL originally was |
| 23 |
> (consistent codingstyle, cleanup of obsolete/dead code etc.) has |
| 24 |
> happened in OpenSSL these days. It's more that there's some myth around |
| 25 |
> LibreSSL from these early days (where the people behind it raised |
| 26 |
> back then valid criticism about OpenSSL) than any real value. |
| 27 |
|
| 28 |
This is exactly my experience. |
| 29 |
|
| 30 |
> |
| 31 |
> -- |
| 32 |
> Hanno Böck |
| 33 |
> https://hboeck.de/ |
| 34 |
> |
Archives