> On 28 Dec 2020, at 10:02, Hanno Böck <ha...@gentoo.org> wrote:
>
> If it has any weight:
> I think I was the first person to build Gentoo with LibreSSL. I support
> this.
>
I’m pleased to have yours and blueness’ input. Really, I think going is probably best. Just make it clear it can come back with some new backing, if that ever happens.

Thinking about it some more, we recently had QtNetwork users without security patches for a few weeks because (and this is not his fault) there’s only a bus factor of 1 for updating compatibility on every point release of Qt.

I’m also unconvinced that if we suddenly lost LibreSSL compatibility in some @system or otherwise popular package we could restore functionality in any reasonable timeframe.

Bit sad to be here, but here we are.

> I believe pretty much everything that LibreSSL originally was
> (consistent codingstyle, cleanup of obsolete/dead code etc.) has
> happened in OpenSSL these days. It's more that there's some myth around
> LibreSSL from these early days (where the people behind it raised
> back then valid criticism about OpenSSL) than any real value.

This is exactly my experience.

>
> --
> Hanno Böck
> https://hboeck.de/
>