On 04/09/2018 02:18 PM, Richard Melville wrote:
Well, I disagree. Joel Sing has made it clear that he wants libressl to be a drop-in replacement for openssl. He has also stated publicly that he thinks opaque data structures (the basis of the openssl 1.1 API change) are a good thing. It's openssl that has broken compatibility between the 1.0 and the 1.1 APIs, and thus created issues with openssh, not libressl. It is, therefore, unrealistic to expect libressl to conform to the 1.1 API over night. Clearly, it is going to take some considerable time.
It has been two years. How much time do you think is reasonable?
As a corollary of the need for the original fork, we have seen how many further openssl security breaches were discovered post fork, none of which affected libressl.
I wonder why there has been no mass exodus to libressl. It has been around from 2014. Do you have any ideas about that?
I did read https://en.wikipedia.org/wiki/LibreSSL It does read like it was written by libressl or bsd developers. -- Bruce -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page