1 |
Hello, developers and Gentoo LibreSSL team. |
2 |
|
3 |
TL;DR: is there really a point in continuing the never-ending always- |
4 |
regressing struggle towards supporting LibreSSL in Gentoo? |
5 |
|
6 |
|
7 |
I would like to discuss the possibility of discontinuing LibreSSL |
8 |
support in Gentoo in favor of sticking with OpenSSL. Similarly how we |
9 |
ended up deciding that fighting for libav was unpractical and the vast |
10 |
majority of users are using ffmpeg (because they didn't really have |
11 |
a choice), today it seems that LibreSSL is suffering the same fate. |
12 |
|
13 |
LibreSSL users, does LibreSSL today have any benefit over OpenSSL? |
14 |
To be honest, I don't think so. In 2014, it might have represented |
15 |
a new quality. But today, OpenSSL is alive and kicking, and LibreSSL |
16 |
finds it hard to keep up. |
17 |
|
18 |
The vast majority of software is not tested against LibreSSL. While |
19 |
patches are usually trivial and we have people that submit them, |
20 |
I find many of them short-sighted. Just look at [1]. Sure, it fixes |
21 |
the build today but it disabled the feature for all foreseeable future. |
22 |
How likely is it that somebody will submit another patch reenabling it |
23 |
with a future LibreSSL version? |
24 |
|
25 |
While normally I strongly prefer submitting such patches upstream, that |
26 |
makes things even worse. I mean, I wouldn't be surprised if there were |
27 |
dozens of packages today that are crippled with LibreSSL just because |
28 |
somebody fixed the build in the past and never revisited the problem. |
29 |
|
30 |
This somewhat resembles running in circles. Packages kept being broken |
31 |
with LibreSSL because rarely anyone is using it. And rarely anyone is |
32 |
using LibreSSL because the apparent benefit (or lack thereof) does not |
33 |
justify the constant breakage (plus invisible regressions). |
34 |
|
35 |
All this considered, provided that nobody is able to find a good reason |
36 |
to use LibreSSL, I would like to propose that we stop patching |
37 |
packages, discontinue support for it and last rite it. |
38 |
|
39 |
|
40 |
[1] https://761981.bugs.gentoo.org/attachment.cgi?id=679892 |
41 |
|
42 |
-- |
43 |
Best regards, |
44 |
Michał Górny |