| 1 |
Hi Peter, |
| 2 |
|
| 3 |
On 2020/12/29 13:29, Peter Stuge wrote: |
| 4 |
> Michał Górny wrote: |
| 5 |
>>> I'm sure that there are numerous cases where libressl doesn't work, |
| 6 |
>>> but that's no reason to dismiss cases where it *does*. |
| 7 |
>> Are you asking people to put an effort into maintaining something that |
| 8 |
>> can't be practically installed? |
| 9 |
> No, I'm rather asking to change the level of commitment. |
| 10 |
> |
| 11 |
> I agree completely that it's unreasonable for Gentoo (worse, 1 person!) |
| 12 |
> to continuosly patch the entire world for libressel. |
| 13 |
> |
| 14 |
> I'm asking to stop doing that, yet still enable the choice between |
| 15 |
> openssl and libressl where that is possible without patches, even |
| 16 |
> if that's only openntpd and one other package. |
| 17 |
|
| 18 |
Are you willing to put in the work to allow installing openssl and |
| 19 |
libressl concurrently on the same system? |
| 20 |
|
| 21 |
And I raise this, because as others have insinuated, currently it's one |
| 22 |
or the other, they can't co-exist, and there are a great many number of |
| 23 |
packages that doesn't work with libressl. The only real solution then |
| 24 |
to make libressl viable is to make it co-exist with openssl reliably. |
| 25 |
|
| 26 |
Of course there are various strategies (or combination of), to mention |
| 27 |
but a few: |
| 28 |
|
| 29 |
1. Use a virtual/??? (but since the APIs aren't compatible despite the |
| 30 |
libressl promise thereto ...) |
| 31 |
2. Install them into different prefixes (eg /usr/lib/openssl + |
| 32 |
/usr/lib/libressl and have the linker link to a specific version, |
| 33 |
/usr/include/{openssl,libressl} too). |
| 34 |
3. Make ssl USE flag another single-choice USE_EXPAND, posibly by way |
| 35 |
of openssl.eclass. |
| 36 |
|
| 37 |
My personal support currently goes towards at the very least masking |
| 38 |
libressl, but removal unless someone is going to put in the effort |
| 39 |
towards the above. Happy to help with patching on my own packages, but |
| 40 |
without concurrent install of libre+openssl it's a massive workload to |
| 41 |
test for me, so not happy with current state either. |
| 42 |
|
| 43 |
+1 for removal given current state, but would be in willing and in |
| 44 |
support of updating the packages I maintain to assist with libressl |
| 45 |
support if the eco system can be improved. |
| 46 |
|
| 47 |
Kind Regards, |
| 48 |
Jaco |
Archives