I've seen a lot of ebuilds lately that use 'openssl' USE flag for the
purpose of enabling ssl features. I think this should be discouraged
since it introduces inconsistency and is especially confusing for
packages like media-video/ffmpeg, where'd you expect to get ssl support
by having the global ssl USE flag enabled.
Furthermore, some packages have started to do things like
REQUIRED_USE="^^ ( openssl libressl )"
which is even more inconsistent now and will make it very hard for
people to switch to libressl without figuring out a lot of blockers,
since we have conflicting meanings of 'openssl' now. One uses it as a
feature flag, the other as a provider flag.
We have two choices here afais to design the USE flag meanings and how
they are used by ebuild authors:
A) 1 feature flag, 2 lax provider flags, 1 strict provider flag
* ssl: enable any sort of SSL/TLS support
* gnutls: primarily to enable gnutls provided ssl support in case
there is a choice
* openssl: primarily to enable openssl provided ssl support in case
there is a choice (might be implemented as !gnutls? instead)
* libressl: switch the openssl provider to libressl _without_
conflicting with openssl, so any alternative usage of
'openssl' USE flag will not break the libressl dep-graph
consequences:
* REQUIRED_USE="^^ ( openssl libressl )" is _disallowed_
* packages like media-video/ffmpeg should switch the USE flag
openssl->ssl to avoid confusing global user configuration, but it's
not strictly disallowed
B) 1 feature flag, 3 strict provider flags
* ssl: enable any sort of SSL/TLS support
* gnutls: only to enable gnutls provided ssl support in case there
is a choice
* openssl: only to enable openssl provided ssl support in case
there is a choice (should not be implemented as !gnutls?)
* libressl: only to enable libressl provided ssl support in case there
is a choice, must conflict with 'openssl' USE flag
consequences:
* REQUIRED_USE="^^ ( openssl libressl )" is not only allowed, it is
_mandatory_
* packages like media-video/ffmpeg _must_ switch the USE flag
openssl->ssl to avoid breaking global USE flags
* !gnutls? ( dev-libs/openssl:0 ) will be bad form or even disallowed
A is not that difficult. Most uses of 'openssl' can just be replaced
with 'ssl', others probably with '!gnutls?' even. A few exotic ones
might stay and we will have to advice users to set USE="openssl
libressl" instead of USE="-openssl libressl".
B will definitely be more work, but ofc is also a lot cleaner and
totally unambigous.
I hope I didn't confuse anything here.
