1 |
Hi Peter, |
2 |
|
3 |
On 2020/12/29 13:29, Peter Stuge wrote: |
4 |
> Michał Górny wrote: |
5 |
>>> I'm sure that there are numerous cases where libressl doesn't work, |
6 |
>>> but that's no reason to dismiss cases where it *does*. |
7 |
>> Are you asking people to put an effort into maintaining something that |
8 |
>> can't be practically installed? |
9 |
> No, I'm rather asking to change the level of commitment. |
10 |
> |
11 |
> I agree completely that it's unreasonable for Gentoo (worse, 1 person!) |
12 |
> to continuosly patch the entire world for libressel. |
13 |
> |
14 |
> I'm asking to stop doing that, yet still enable the choice between |
15 |
> openssl and libressl where that is possible without patches, even |
16 |
> if that's only openntpd and one other package. |
17 |
|
18 |
Are you willing to put in the work to allow installing openssl and |
19 |
libressl concurrently on the same system? |
20 |
|
21 |
And I raise this, because as others have insinuated, currently it's one |
22 |
or the other, they can't co-exist, and there are a great many number of |
23 |
packages that doesn't work with libressl. The only real solution then |
24 |
to make libressl viable is to make it co-exist with openssl reliably. |
25 |
|
26 |
Of course there are various strategies (or combination of), to mention |
27 |
but a few: |
28 |
|
29 |
1. Use a virtual/??? (but since the APIs aren't compatible despite the |
30 |
libressl promise thereto ...) |
31 |
2. Install them into different prefixes (eg /usr/lib/openssl + |
32 |
/usr/lib/libressl and have the linker link to a specific version, |
33 |
/usr/include/{openssl,libressl} too). |
34 |
3. Make ssl USE flag another single-choice USE_EXPAND, posibly by way |
35 |
of openssl.eclass. |
36 |
|
37 |
My personal support currently goes towards at the very least masking |
38 |
libressl, but removal unless someone is going to put in the effort |
39 |
towards the above. Happy to help with patching on my own packages, but |
40 |
without concurrent install of libre+openssl it's a massive workload to |
41 |
test for me, so not happy with current state either. |
42 |
|
43 |
+1 for removal given current state, but would be in willing and in |
44 |
support of updating the packages I maintain to assist with libressl |
45 |
support if the eco system can be improved. |
46 |
|
47 |
Kind Regards, |
48 |
Jaco |