| 1 |
Michał Górny wrote: |
| 2 |
> > A. It is a distinct implementation with probably /quite some/ stable |
| 3 |
> > compatibility, meaning that it will work perfectly fine as an |
| 4 |
> > alternative in many cases. |
| 5 |
> |
| 6 |
> Except that it doesn't, as has been proven numerous times. |
| 7 |
|
| 8 |
I'm sure that there are numerous cases where libressl doesn't work, |
| 9 |
but that's no reason to dismiss cases where it *does*. |
| 10 |
|
| 11 |
Did anyone gather actual numbers? |
| 12 |
|
| 13 |
|
| 14 |
> > B. It brings its own TLS API, a unique feature which by itself |
| 15 |
> > warrants the package. |
| 16 |
> |
| 17 |
> ...which by itself has no future |
| 18 |
|
| 19 |
That's arrogant and silly coming from anywhere but upstream. |
| 20 |
|
| 21 |
You can argue that you will never use the API in your TLS programs, |
| 22 |
but even then that says really nothing about the API provider itself. |
| 23 |
|
| 24 |
|
| 25 |
> > More elaborate OpenSSL API users can (arguably should) just block on |
| 26 |
> > libressl instead of requiring patch work. |
| 27 |
> |
| 28 |
> It's all nice theory but in practice it means that nobody will be able |
| 29 |
> to install libressl because some important system packages will block it. |
| 30 |
|
| 31 |
Gentoo can't be expected to do magic. If libressl would conflict on another |
| 32 |
system then of course it will on Gentoo too. Give users more credit here. |
| 33 |
|
| 34 |
Also, think more about other use cases than your own. I mentioned one; |
| 35 |
non-releng stages. The point here is that it's possible to deliberately |
| 36 |
create a system using libressl by making tradeoffs, e.g. not using some |
| 37 |
"important" system packages which would block it. |
| 38 |
|
| 39 |
Finally, I find it quite beautiful if Gentoo can clearly show that |
| 40 |
important system packages have slipped far down a monoculture slope - |
| 41 |
this is a great incentive for new projects which tackle creating |
| 42 |
alternatives for those packages. |
| 43 |
|
| 44 |
|
| 45 |
> waste our users' time pretending that we do support LibreSSL, |
| 46 |
> while anyone actually trying it will hit a brick wall. |
| 47 |
|
| 48 |
You shouldn't pretend to be something you are not. With a little effort |
| 49 |
to set users' expectations according to the technical reality (a function |
| 50 |
of upstreams; rather unrelated to Gentoo) I don't expect wasted time. |
| 51 |
|
| 52 |
|
| 53 |
//Peter |
Archives