On Tue, Oct 17, 2017 at 10:26:06PM +0200, Guus Sliepen wrote:
> I see two main forces determining which fork of a library will be used:
> either distributions themselves will choose based on technical and other
> merits, or important applications will favor one of the forks, forcing
> the decision for distributions. OpenSSH is now applying some force, I
> have no idea what programs are out there that can only work with
> OpenSSL. I assume those that moved to OpenSSL 1.1 and ditched OpenSSL
> 1.0 compatibility, but I wonder how many there are.
>
> It would be interesting to recompile all packages that Build-Depend:
> libssl-dev with LibreSSL, and see what actually breaks...

It occurred to me that I can provide data on how much such a rebuild would take. Of course, a fat elebenty-core machine with gobs of RAM can do the whole archive in hours, while a shit ARM SoC takes over two months, but proportions should be roughly the same.

Packages with an OpenSSL build-dependency are pretty heavy: there are 714 ones depending on libssl-dev, taking 7.7% of total archive rebuild time. As for libssl1.0-dev, it's 271 packages taking 2.5% of time. On said shit SoC that's 5 and 1.6 days respectively.

I don't know what's under your desk, but I don't suspect you of using a machine that can't do such a rebuild under a day.

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄⠀⠀⠀⠀ sky. Your cat demands food. The priority should be obvious...