On 09/30/2015 02:10 PM, Kristian Fiskerstrand wrote: > On 09/30/2015 01:51 PM, Rich Freeman wrote: > >> I think it was fair to pause to see if somebody could come up with >> a better solution that allows co-existence, but absent that I >> don't see any benefit from keeping libressl out of the tree. >> We'll just experience all the downsides of the fork without the >> upsides. > > This is what worries me as well, as it increase workload and > complexity affecting multiple projects without any immediate and > obvious gain. >
I'm not sure if you have followed the link I just posted: https://en.wikipedia.org/wiki/LibreSSL#Security_and_vulnerabilities 0 vs 5 high severity vulnerabilities is a pretty obvious gain. And that's also one pretty good reason to not delay this like the git migration. If it was about me, I'd simply remove openssl from gentoo altogether to reduce maintenance load and avoid the choice-for-the-sake-of-choice situation, but it's not my package and not my call, so I basically don't care. Anyway, I feel like this thread is now definitely drifting offtopic, so I'm probably not going to follow much of this anymore. Feel free to ping me directly if there's something actually relevant.
