1 |
Michał Górny wrote: |
2 |
> > A. It is a distinct implementation with probably /quite some/ stable |
3 |
> > compatibility, meaning that it will work perfectly fine as an |
4 |
> > alternative in many cases. |
5 |
> |
6 |
> Except that it doesn't, as has been proven numerous times. |
7 |
|
8 |
I'm sure that there are numerous cases where libressl doesn't work, |
9 |
but that's no reason to dismiss cases where it *does*. |
10 |
|
11 |
Did anyone gather actual numbers? |
12 |
|
13 |
|
14 |
> > B. It brings its own TLS API, a unique feature which by itself |
15 |
> > warrants the package. |
16 |
> |
17 |
> ...which by itself has no future |
18 |
|
19 |
That's arrogant and silly coming from anywhere but upstream. |
20 |
|
21 |
You can argue that you will never use the API in your TLS programs, |
22 |
but even then that says really nothing about the API provider itself. |
23 |
|
24 |
|
25 |
> > More elaborate OpenSSL API users can (arguably should) just block on |
26 |
> > libressl instead of requiring patch work. |
27 |
> |
28 |
> It's all nice theory but in practice it means that nobody will be able |
29 |
> to install libressl because some important system packages will block it. |
30 |
|
31 |
Gentoo can't be expected to do magic. If libressl would conflict on another |
32 |
system then of course it will on Gentoo too. Give users more credit here. |
33 |
|
34 |
Also, think more about other use cases than your own. I mentioned one; |
35 |
non-releng stages. The point here is that it's possible to deliberately |
36 |
create a system using libressl by making tradeoffs, e.g. not using some |
37 |
"important" system packages which would block it. |
38 |
|
39 |
Finally, I find it quite beautiful if Gentoo can clearly show that |
40 |
important system packages have slipped far down a monoculture slope - |
41 |
this is a great incentive for new projects which tackle creating |
42 |
alternatives for those packages. |
43 |
|
44 |
|
45 |
> waste our users' time pretending that we do support LibreSSL, |
46 |
> while anyone actually trying it will hit a brick wall. |
47 |
|
48 |
You shouldn't pretend to be something you are not. With a little effort |
49 |
to set users' expectations according to the technical reality (a function |
50 |
of upstreams; rather unrelated to Gentoo) I don't expect wasted time. |
51 |
|
52 |
|
53 |
//Peter |