Kurt Roeckx <kurt <at> roeckx.be> writes:

> On Sun, Apr 20, 2014 at 07:07:45PM +0100, Steven Chamberlain wrote:

> > But meanwhile, OpenBSD developers are extensively cleaning up OpenSSL
> > 1.0.1g.
> 
> One of the problems with anything from OpenBSD is that they only
> care about OpenBSD, and if you want to use that fork you'll
> actually have to go and revert some of the things they're doing.

Right. In some cases, the OpenBSD-caused cleanup helps though,
although even for mksh’s predecessor, it also introduced bugs,
and certainly made things unportable.

For their OpenSSL fork, specifically, they rely on some system
properties such as their RNG’s behaviour way too much (and even
then, they lose out on some things… but that’d be more on-topic
on a MirBSD mailing list). I think this will work out on neither
Linux nor kFreeBSD nor Hurd port of Debian.

> Some of the things they're changing are actually good changes,
> but some are also just wrong.  They don't seem to be understanding
> why things are the way they are and seem to be changing code they
> don't understand.

Right. I saw a few of their changes which will turn out harmful,
since I was deep in those very lines of code only 2-3 weeks prior.

> > I wonder if this might result in an alternate SSL/TLS library we could
> > use in Debian?
> 
> There are alternatives

I find all of them questionable. OpenSSL is still the gold standard,
sad as that may be. Let’s hope OpenSSL upstream devs wake up now.

> but I guess you mean alternative to
> openssl.  Currently it actually doesn't look like a good option to
> me.

Fully agreed.

bye,
//mirabilos

