Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev@l.g.o
Cc: libressl@g.o
Subject: [gentoo-dev] [RFC] Discontinuing LibreSSL support?
Date: Mon, 28 Dec 2020 08:56:29
1 Hello, developers and Gentoo LibreSSL team.
3 TL;DR: is there really a point in continuing the never-ending always-
4 regressing struggle towards supporting LibreSSL in Gentoo?
7 I would like to discuss the possibility of discontinuing LibreSSL
8 support in Gentoo in favor of sticking with OpenSSL.  Similarly how we
9 ended up deciding that fighting for libav was unpractical and the vast
10 majority of users are using ffmpeg (because they didn't really have
11 a choice), today it seems that LibreSSL is suffering the same fate.
13 LibreSSL users, does LibreSSL today have any benefit over OpenSSL?
14 To be honest, I don't think so. In 2014, it might have represented
15 a new quality. But today, OpenSSL is alive and kicking, and LibreSSL
16 finds it hard to keep up.
18 The vast majority of software is not tested against LibreSSL. While
19 patches are usually trivial and we have people that submit them,
20 I find many of them short-sighted. Just look at [1]. Sure, it fixes
21 the build today but it disabled the feature for all foreseeable future.
22 How likely is it that somebody will submit another patch reenabling it
23 with a future LibreSSL version?
25 While normally I strongly prefer submitting such patches upstream, that
26 makes things even worse. I mean, I wouldn't be surprised if there were
27 dozens of packages today that are crippled with LibreSSL just because
28 somebody fixed the build in the past and never revisited the problem.
30 This somewhat resembles running in circles. Packages kept being broken
31 with LibreSSL because rarely anyone is using it. And rarely anyone is
32 using LibreSSL because the apparent benefit (or lack thereof) does not
33 justify the constant breakage (plus invisible regressions).
35 All this considered, provided that nobody is able to find a good reason
36 to use LibreSSL, I would like to propose that we stop patching
37 packages, discontinue support for it and last rite it.
40 [1]
42 --
43 Best regards,
44 Michał Górny