tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: libressl status



"Paul B. Henson" <henson%acm.org@localhost> writes:

> I see libressl is in wip with some recent discussion on the list. Is
> there any idea yet when it might get moved to production? The latest
> openntpd has an optional dependency on libtls (part of libressl). It
> will work without it, but the new TLS constraint option won't be
> available. In the long run, I'm thinking of making tls support an option
> for the openntpd package which will pull in libressl if enabled.

There's a whole can of worms there, and it may be better to discuss the
big picture.   As I see it, libressl is a replacement for openssl (can't
install both) and is missing some things and has some new things.   So
it seems like a mk/ssl.mk is needed to have a preferred version, and
then packages that need the non-preferred one can fail.  That amounts to
the same thing as what you said, but is more explicit about the bind
that having incompatible things that own the same namespace.

Alternatively, the libressl package could get installed in a subprefix,
so we can have both.

But I don't see figuring this out as a bar to import.

> If libressl will likely get promoted relatively soon, I'll probably
> just wait for it to show up, otherwise I might create an openntpd
> package in wip to play with the libtls support.

The freeze will be over shortly, and then it will be possible to import
packages.  Looking at what's in wip, I don't see any reason not to
import it.

So: if anybody thinks it shouldn't be imported over the week or so
starting at thaw, please speak up.

Attachment: pgpKrHKrkHQwM.pgp
Description: PGP signature



Home | Main Index | Thread Index | Old Index