tech-pkg archive


Re: libressl status



Greg Troxel wrote:
> "Paul B. Henson" <henson%acm.org@localhost> writes:
> 
> > I see libressl is in wip with some recent discussion on the list. Is
> > there any idea yet when it might get moved to production? The latest
> > openntpd has an optional dependency on libtls (part of libressl). It
> > will work without it, but the new TLS constraint option won't be
> > available. In the long run, I'm thinking of making tls support an option
> > for the openntpd package which will pull in libressl if enabled.
> 
> There's a whole can of worms there, and it may be better to discuss the
> big picture.   As I see it, libressl is a replacement for openssl (can't
> install both) and is missing some things and has some new things.   So
> it seems like a mk/ssl.mk is needed to have a preferred version, and
> then packages that need the non-preferred one can fail.  That amounts to
> the same thing as what you said, but is more explicit about the bind
> that having incompatible things that own the same namespace.
> 
> Alternatively, the libressl package could get installed in a subprefix,
> so we can have both.
> 
> But I don't see figuring this out as a bar to import.
> 

I'm for a subprefix for LibreSSL, it's still a set of utilities in
development and it's not a direct drop-in replacement for OpenSSL. They
have already diverged in features and that will likely continue.

I would assume that some consumers will need OpenSSL and some LibreSSL,
which implies a need for having both in the same system.

This situation will last as long as both projects are alive. Some day
LibreSSL features can be merged back to OpenSSL or the other way around,
producing a new set of utilities.

My design of integration is as follows:
1. Prepare a LibreSSL that does not conflict with OpenSSL,
2. Import LibreSSL and switch OpenBSD software to it,
3. Catch bugs in bulk builds,
4. Add a switch for ssl.mk and use it for capable software with aid from
https://wiki.freebsd.org/LibreSSL and OpenBSD ports,
5. Catch bugs.

It should be doable in a single release cycle.

