Alessandro Barbieri wrote:
> > Obviously this will only be useful for packages wanting to statically link
> > with libressl lib{crypto,ssl}
> 
> There is an ongoing effort to remove static libraries from packages.

I know, and I couldn't disagree more with that effort.


> > but I think that's far better than removing libressl.
> 
> No, it's not better, it's more work for the security team.

The security team isn't responsible for what people do.

Flip side: The security team is also not entitled to decide what people
can and can not do.

Security is a policy and technology generally needs to avoid forcing
policy onto humans, but enable human decisions. You can tell that I
value choice.

It's certainly a good default to use shared libraries, but it's no good at
all to hamper legitimate functionality under a guise of security. That's a
far too common and really diseased pattern throughout society, and it makes
me sad that it proliferates also in Gentoo.


//Peter
