Michał Górny wrote: > I would like to discuss the possibility of discontinuing LibreSSL > support in Gentoo in favor of sticking with OpenSSL.
I think that's a horrible idea, since Gentoo is about choice and this particular component is one of the most important in a system. But "support" can mean different things... > LibreSSL users, does LibreSSL today have any benefit over OpenSSL? Yes, at least two: A. It is a distinct implementation with probably /quite some/ stable compatibility, meaning that it will work perfectly fine as an alternative in many cases. B. It brings its own TLS API, a unique feature which by itself warrants the package. > All this considered, provided that nobody is able to find a good reason > to use LibreSSL, I would like to propose that we stop patching > packages, discontinue support for it and last rite it. There is no reason at all to do all three of those atomically: 1. Stop patching packages to make them build also against libressl 2. Stop maintaining libressl-*.ebuild 3. package.mask I think the complaint is really only about 1. and I can understand that the effort here outweighs the perceived benefit, that's fine, I don't think it's the responsibility of Gentoo developers to patch the world to build also against libressl. But as long as a single package can be built with either openssl or libressl without changes I consider it appropriate to maintain both libressl ebuilds and either virtual/openssl or another way to decide system-wide to use libressl instead of openssl. This remains very valuable especially for non-releng stages. More elaborate OpenSSL API users can (arguably should) just block on libressl instead of requiring patch work. //Peter