On Mon, Apr 09, at 02:49 Bruce Dubbs wrote:
> On 04/09/2018 02:18 PM, Richard Melville wrote:
> > Well, I disagree. Joel Sing has made it clear that he wants libressl to
> > be a drop-in replacement for openssl. He has also stated publicly that
> > he thinks opaque data structures (the basis of the openssl 1.1 API
> > change) are a good thing. It's openssl that has broken compatibility
> > between the 1.0 and the 1.1 APIs, and thus created issues with openssh,
> > not libressl. It is, therefore, unrealistic to expect libressl to
> > conform to the 1.1 API overnight. Clearly, it is going to take some
> > considerable time.
> It has been two years. How much time do you think is reasonable?
> > As a corollary of the need for the original fork, we have seen how many
> > further openssl security breaches were discovered post fork, none of
> > which affected libressl.
> I wonder why there has been no mass exodus to libressl. It has been around
> from 2014. Do you have any ideas about that?
> I did read https://en.wikipedia.org/wiki/LibreSSL
> It does read like it was written by libressl or bsd developers.
Tricky. But might be easy finally.
Theo de Raadt might be an over[something] endless stream of consciousness
mind that simply cannot keep his mouth shut, but is an expert in security.
I mean, if there is a group of people (this time on earth) in whom the earth
could put its trust on those matters (we are speaking here about the TLS stack
and the secure shell (okay?)) and undeniable by all, that would be him and his
friends on OpenBSD!
But as I said, the solution at the end might be finally easy.
We just have to provide two different sets of instructions; one for openssl and
one for libre. No big deal.
> -- Bruce