Michał Górny wrote:
> > net-misc/openntpd
>
> I've just tested it and it builds fine against dev-libs/libretls.
I hope you're not planning to suggest that dev-libs/libretls should
be the only libtls on Gentoo, since that would be an arbitrary and
artificial limitation - the very opposite of choice. I'm strongly
against that.
Jaco Kroon wrote:
> > I'm asking to stop doing that, yet still enable the choice between
> > openssl and libressl where that is possible without patches, even
> > if that's only openntpd and one other package.
>
> Are you willing to put in the work to allow installing openssl and
> libressl concurrently on the same system?
I'm willing to help. I know that it's one or the other. And I have
experience with distributions making arbitrary decisions about libraries,
and I think I have an idea about the challenges and possibilities.
> The only real solution then to make libressl viable is to make it
> co-exist with openssl reliably.
Ack.
> Of course there are various strategies (or combination of), to mention
> but a few:
>
> 1. Use a virtual/??? (but since the APIs aren't compatible despite the
> libressl promise thereto ...)
> 2. Install them into different prefixes (eg /usr/lib/openssl +
> /usr/lib/libressl and have the linker link to a specific version,
> /usr/include/{openssl,libressl} too).
> 3. Make ssl USE flag another single-choice USE_EXPAND, posibly by way
> of openssl.eclass.
These are all interesting and I think worth exploring! But also
non-trivial, so maybe better saved for later?
What do you think about my suggestion in a previous email to have the
libressl ebuild install only libtls .so and .a files built from static
libs/objects, so that there are no conflicting shared objects?
I can certainly help accomplish that if there is interest.
> would be in willing and in support of updating the packages I maintain
> to assist with libressl support if the eco system can be improved.
Cool! I really appreciate your openness. I'm asking essentially to
keep options open, so that the ecosystem can be improved step by step.
Thanks
//Peter
