On Wed, Sep 30, 2015 at 7:29 AM, Kristian Fiskerstrand <k...@gentoo.org> wrote: > > The way I see it this is relevant to the discussion at hand.
Admittedly it is a bit tangential, but it didn't seem worth forking the thread over. Certainly I'm not going to invent my own mailing list and post it there, and then post here to advertise it. I doubt such a discussion will be all that welcome on the upstream mailing list. > Or is this just increasing our maintenance, and security tracking, etc > burdens without any strong benefits? I don't think that it is necessary to have a cost/benefit analysis anytime somebody wants to introduce a new package in the tree. Gentoo tends to be about making new alternatives available to users. As long as hasufell is willing to do the work necessary to add the necessary USE flags and blockers I don't see the harm in having this in the tree. If upstreams switch to requiring this library exclusively and thus become incompatible with other upstreams which do not, that is something that will affect us whether or not we allow libressl in the tree (see ffmpeg/libav). I think it was fair to pause to see if somebody could come up with a better solution that allows co-existence, but absent that I don't see any benefit from keeping libressl out of the tree. We'll just experience all the downsides of the fork without the upsides. It might very well cost some of hasufell's time to maintain it, but that is time he is freely offering, and it isn't like turning him away is going to encourage him to spend more time on other Gentoo features. Cost/benefit for a volunteer distro isn't a zero-sum game the way it is if you're a manager of a 50-person development team. I'd love to see somebody come out with a better solution for this sort of thing, and it probably would need to be bigger than Gentoo to be truly effective. However, until such a solution comes along I don't see the benefit of further delay. That's just my two cents. -- Rich
