> On 29 Dec 2020, at 09:13, Marcel Schilling <marcel.schill...@mdc-berlin.de> wrote:
>
> I just want to comment that I switched to LibreSSL on several Gentoo
> systems years ago and never had any major issues.
> I run both desktop and server systems with LibreSSL, based on X and
> Wayland. The only issue I ran into is a slight lag of the overlay
> behind the main tree so once in a while I had to mask a new version of
> some package for a week or so.

It is largely one person who is under a lot of stress to provide updated patches ASAP. Some upstreams have made clear they will never accept LibreSSL patches and life becomes harder as they adopt new APIs not yet supported in the Libre variant.

TL;DR: I’d be fine with keeping LibreSSL if we had (an influx of) people coming up with patches that are sustainable, upstreamed, and not just crippling functionality.

> So from a pure user perspective, this change would mean a risky update
> to systems running stable for years with no gain whatsoever.

This isn’t quite right. Users cannot upgrade to new versions of software, possibly with security fixes, until a new patch is created and applied. This recently happened with mupdf. One of our developers runs several high-bandwidth Tor relays which were broken with LibreSSL and still haven’t been fixed. But I accept that you’ve had a pain-free experience.

> So even if LibreSSL does not provide any advantage over OpenSSL
> (anymore), dropping support would do harm.
> That said, I do understand maintainer burden and I will probably be fine
> with such a change. But I have to say that over the last ten years,
> Gentoo does feel a lot less focussed on choice than it used to and I am
> counting the days until it is deemed 'unpractical' to support legacy boot,
> non-systemd init or 'exotic' arches. ;-)

I don’t think this is true. We support equality of openrc vs systemd and if you think there are deficits there, please let us know - although of course help is welcome (and needed for OpenRC). And on arches, I spend a lot of my time testing packages on various exotic architectures, so it’d be good to have some concrete examples of what’s bothering you. I don’t think being realistic about what we can support is wrong, but I’m also not sure we’ve been particularly aggressive or wrong with any of those decisions...

> Best,
> Marcel

—

My position is that I’d prefer to just mask it and make clear it’s unsupported rather than remove it at all. There’s little to be gained from fully removing - we can just treat it like musl/prefix/whatever else, i.e. a niche thing which we support with best-effort (and it might be a bit patchy).

Thanks,
Sam