| 1 |
On Tue, 29 Dec 2020 23:34:36 +0000 |
| 2 |
Peter Stuge <peter@×××××.se> wrote: |
| 3 |
|
| 4 |
> David Seifert wrote: |
| 5 |
> > > Maybe because it is so well-known that monoculture is harmful per se, |
| 6 |
> > > which is why the commitment to choice in Gentoo is very valuable. |
| 7 |
> > > |
| 8 |
> > > Further, LibreSSL comes out of the OpenBSD project, which has a good |
| 9 |
> > > reputation on code quality. |
| 10 |
> > |
| 11 |
> > Like strong-arming 99% of the users of OpenSSH because they were |
| 12 |
> > unwilling to port to the OpenSSL 1.1 API, fully well knowing that most |
| 13 |
> > of the OpenSSH consuming world doesn't actually use libressl? How is |
| 14 |
> > explicitly tying OpenSSH to libressl not a form of monoculture? |
| 15 |
> |
| 16 |
> Now we're properly off-topic :) but considering that OpenSSH is developed |
| 17 |
> for OpenBSD and that openssh-portable is merely provided as a service to |
| 18 |
> other systems it's easy to understand why OpenSSH (remember, part of OpenBSD) |
| 19 |
> uses the libressl API for crypto, and why the -portable team is not so keen |
| 20 |
> on maintaining patches for other crypto providers. Another example is systemd |
| 21 |
> binding tightly to Linux. In both cases it's understandable, but also quite |
| 22 |
> unfortunate; better portability would be better. |
| 23 |
|
| 24 |
I don't have any strong opinions on either side of this argument, I |
| 25 |
have 1 machine on LibreSSL that I would need to switch, but that is |
| 26 |
not really a major issue for me. |
| 27 |
|
| 28 |
As the person who has been doing a large percentage of the OpenSSH |
| 29 |
ebuild maintenance for a couple of years now I feel I should |
| 30 |
mention that while it was the case that OpenSSH would not work with |
| 31 |
OpenSSL 1.1+ without a (rather large) patch in the past, that has not |
| 32 |
been the case for some time now. Modern OpenSSH versions work fine with |
| 33 |
modern OpenSSL versions. |
Archives