Michał Górny wrote: > > A. It is a distinct implementation with probably /quite some/ stable > > compatibility, meaning that it will work perfectly fine as an > > alternative in many cases. > > Except that it doesn't, as has been proven numerous times.
I'm sure that there are numerous cases where libressl doesn't work, but that's no reason to dismiss cases where it *does*. Did anyone gather actual numbers? > > B. It brings its own TLS API, a unique feature which by itself > > warrants the package. > > ...which by itself has no future That's arrogant and silly coming from anywhere but upstream. You can argue that you will never use the API in your TLS programs, but even then that says really nothing about the API provider itself. > > More elaborate OpenSSL API users can (arguably should) just block on > > libressl instead of requiring patch work. > > It's all nice theory but in practice it means that nobody will be able > to install libressl because some important system packages will block it. Gentoo can't be expected to do magic. If libressl would conflict on another system then of course it will on Gentoo too. Give users more credit here. Also, think more about other use cases than your own. I mentioned one; non-releng stages. The point here is that it's possible to deliberately create a system using libressl by making tradeoffs, e.g. not using some "important" system packages which would block it. Finally, I find it quite beautiful if Gentoo can clearly show that important system packages have slipped far down a monoculture slope - this is a great incentive for new projects which tackle creating alternatives for those packages. > waste our users' time pretending that we do support LibreSSL, > while anyone actually trying it will hit a brick wall. You shouldn't pretend to be something you are not. With a little effort to set users' expectations according to the technical reality (a function of upstreams; rather unrelated to Gentoo) I don't expect wasted time. //Peter
