On Mon, Oct 16, 2017 at 01:07:43PM -0400, Michael Stone wrote: > My understanding is that the libressl project does not support a release for > the length of a debian release cycle, and does not commit to API stability > for debian-cycle periods.
The LibreSSL website currently says one year. One relevant data point is that OpenSSH 7.6p1 seems to build and run fine against LibreSSL 2.0.0 (the first public release, from July 2014), so I'm not very concerned about API stability from the point of view of OpenSSH. Your wider concerns may well be reasonable for an externally-packaged library though; I don't have enough experience with SSL library maintenance to be able to say. -- Colin Watson [cjwat...@debian.org]