1 |
From: "Robin H. Johnson" <robbat2@g.o> |
2 |
|
3 |
Signed-off-by: Robin H. Johnson <robbat2@g.o> |
4 |
--- |
5 |
.../2021-10-17-openssl-bindist-removal.en.txt | 38 +++++++++++++++++++ |
6 |
1 file changed, 38 insertions(+) |
7 |
create mode 100644 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt |
8 |
|
9 |
diff --git 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt |
10 |
new file mode 100644 |
11 |
index 0000000..ca6c6e6 |
12 |
--- /dev/null |
13 |
+++ 2021-10-17-openssl-bindist-removal/2021-10-17-openssl-bindist-removal.en.txt |
14 |
@@ -0,0 +1,38 @@ |
15 |
+Title: dev-libs/openssl USE=bindist removal |
16 |
+Author: Robin H. Johnson <robbat2@g.o> |
17 |
+Posted: 2021-10-17 |
18 |
+Revision: 1 |
19 |
+News-Item-Format: 2.0 |
20 |
+Display-If-Installed: dev-libs/openssl[bindist] |
21 |
+ |
22 |
+On 2021-11-19, the base-system team will remove USE=bindist |
23 |
+behavior from dev-libs/openssl, per bug #762850 [1]. |
24 |
+ |
25 |
+Users should not experience any ABI incompatibilities that |
26 |
+require recompilation when moving from |
27 |
+dev-libs/openssl[bindist] to dev-libs/openssl[-bindist]. |
28 |
+ |
29 |
+However, moving back in future may recompile if any binaries |
30 |
+of their systems depend on the additional symbols available |
31 |
+with USE=-bindist. |
32 |
+ |
33 |
+USE=bindist on dev-libs/openssl historically applied RedHat |
34 |
+work, called hobble-openssl [2], that was intended to make |
35 |
+OpenSSL "safe" to distribute with regards to various |
36 |
+patents, in the opinion of RedHat's legal counsel. The |
37 |
+hobble-openssl, in it's last iterations, it greatly |
38 |
+restricted which parts of EC (elliptic curve) were available |
39 |
+[3][4] |
40 |
+ |
41 |
+Debian & Ubuntu do not apply any similar behavior, and |
42 |
+Gentoo intends to follow Debian's lead with regards to |
43 |
+OpenSSL hobble-openssl moving forward. |
44 |
+ |
45 |
+[1] https://bugs.gentoo.org/762850 |
46 |
+[2] Multiple files: |
47 |
+ https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/hobble-openssl |
48 |
+ https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/ectest.c |
49 |
+ https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/ec_curve.c |
50 |
+ https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0011-Remove-EC-curves.patch |
51 |
+[3] https://archives.gentoo.org/gentoo-dev/message/f0d16240bb0dd1ff38fb5223bec810ab |
52 |
+[4] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#system-wide-crypto-policies_using-the-system-wide-cryptographic-policies |
53 |
-- |
54 |
2.33.1 |