Friends,

I think it is time to import LibreSSL[0]. There are not many packages
left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby).

My idea would be:

1. import "dev-libs/libressl" (this will block dev-libs/openssl) and
introduce the global USE flag "libressl" with the following description:
"""
libressl - Use dev-libs/libressl as SSL provider (might need ssl USE
flag), packages should not depend on this USE flag
"""

2. slowly start migrating those ~550 packages with a "libressl" USE flag,
which is similar to the gnutls USE flag.
There will be no virtual, because those don't give sufficient control
(libressl and openssl are not ABI compatible).

I think mass commits don't work since the way we version ebuilds doesn't
necessarily trigger git file collisions if someone bumped in between the
commits, so the rebase will likely contain inconsistent packages.

What this plan requires is:
Everyone who is able to test libressl (e.g. via the libressl overlay
[1]) should have permission to bump unstable arch packages with an
additional libressl USE flag, because otherwise this will be nearly
impossible to carry out via bug reports.
You will need the libressl overlay for this transition period (which
doesn't block openssl), until most ebuilds have been converted in
the unstable branch.

There are also a few eclasses involved:
mysql-v2, mysql-multilib, ssl-cert, bitcoincore and apache-2

I have created a wiki page [2] for the transition which also includes a
list of all ebuilds that have to be converted (people should update that
list when they add libressl support to a package).

Did I miss anything?


As always: keep bikeshed to a minimum.


--
[0] http://www.libressl.org
[1] https://github.com/gentoo/libressl
[2] https://github.com/gentoo/libressl/wiki/Transition-plan
