On Mon, Apr 23, at 04:29 Richard Melville wrote:
> On 22 April 2018 at 16:51, Bruce Dubbs <bruce.du...@gmail.com> wrote:
>
> I wasn't going to be drawn into this discussion again as it appears that
> Bruce's mind is already made up.

Hi Richard,

please don't be disappointed.

I think first that the initial work is a ten-minute job maximum that consists of:
- changing all the references to openssl to libressl
- rename the openssl page to libressl
- adjust the variables
- adjust the instructions

Now, the second step is to build the applications and libraries that depend on -lssl. I can bet that few packages will require patches. But even if a package does, voidlinux already has it, and here is the source:

git clone https://github.com/voidlinux/void-packages.git

And then it has to be available in public.

Maintenance however is another thing. This has to backport all the patches from blfs and keep in sync the differences in the ssl related pages. Very very simple but time consuming.

Personally I would support hosting this project in the LFS infrastructure, if there was a volunteer to maintain that thing. But this has to be in git because is the feature and makes collaboration an enjoyable game.

So because there is no git support, though there were a couple of quick attempts to convert the codebase lately - if someone has already done it please open a new thread and share the experiences - the natural choice is github. And then a link to that project will be justified. And since the maintainer has to have flexibility he should be a part of the team of course.

> Taking openssh as the starting point, the discussion revolved around which
> of the two TLS libraries, openssl or libressl, should be linked to it.
> Openssh is an openbsd project, so which makes more logical sense: another
> openbsd project: libressl, or openssl from an entirely separate developer
> team with a heavily patched openssh?

The question has been answered already. Nobody denie[ds] the libressl superiority. The question is for us, which adds complexity.

> Another point that I'd like to make is that since 2014 openssh does not
> need *any* additional TLS library as it already contains the AES-CTR,
> ED25519, ECDH, and ChaCha20 cryptos, where elliptic curve is more secure,
> and faster, than RSA/DSA. An added advantage is that building openssh in
> this manner produces a much smaller code base, which is always better.
> Compiling openssh without the patch, and using --without-openssl worked
> for me.

Jesus, I didn't know that, I have years to build by my own openssh, since I never used, just until some days when I had to login in higgs to place a .forward file.

Thanks for the info Richard.

Then this simplifies the instructions a lot!!!

So Bruce you owe to him here, if you verify that works for you also :-)

Rich,
Why don't you make a small patch to help Bruce, who also has to do all the recent fupdates to Gnome, while he has to maintain LFS, to maintain BLFS, to maintain the hints project, to maintain and maintain, and also to be a good professor - as we know he is - and still has to do all these fgome updates.

> Richard

Best,
Αγαθοκλής