On 08/22/2015 06:08 AM, Viktor Dukhovni wrote:
On Wed, Aug 19, 2015 at 12:58:38PM -0700, Alice Wonder wrote:
``You also turn on thousands and thousands of lines of OpenSSL library code.
Assuming that OpenSSL is written as carefully as Wietse's own code, every
1000 lines introduce one additional bug into Postfix.''
We now know OpenSSL has not been written as carefully as Postfix. LibreSSL
removed a lot of needless code and has cleaned up a lot of what was left.
Yes, but LibreSSL is just a fork, with mostly the same real issues.
Real work is happening upstream to improve the internals, not just
remove non-mainstream features. I don't see a compelling reason
to use LibreSSL if you're not on OpenBSD. I see successful marketing
with not much substance underneath.
If they really wanted to make a difference, they'd send patches,
not fork the project. I've seen very little by way of upstream
contributions.
One of the reasons they forked is because there were issue WITH PATCHES
in the OpenSSL bug database that were not addressed for several years.
