On Tuesday, 29 December 2020, 13:29:35 EET, Peter Stuge wrote:
> I agree completely that it's unreasonable for Gentoo (worse, 1 person!)
> to continuously patch the entire world for libressl.
> 
> I'm asking to stop doing that, yet still enable the choice between
> openssl and libressl where that is possible without patches, even
> if that's only openntpd and one other package.

a) The two cannot be installed concurrently. To fix that would require even
more hacks.
-> all relevant ssl consumers on the user's system must be linked against the
one selected

b) The libraries are not guaranteed to be binary compatible, so switching
implementation requires rebuilding consumers. Especially since this is a
security-sensitive package.
-> all relevant ssl consumers on the user's system must be *built* against the
one selected

Which leads us to

c) If a single package that the user wants to install is not "fixed" for one
ssl library, it blocks that option for all packages.
-> horrible (but real and justified) emerge blockers and general hilarity ensue

I guess if you can come up with a solution that
* provides secure usage of the libraries,
* provides choice to the user, and
* doesn't lead to unupgradeable systems or unresolvable dependencies
we'd all be happier. So far we haven't found one.

-- 
Andreas K. Hüttel
dilfri...@gentoo.org
Gentoo Linux developer
(council, qa, toolchain, base-system, perl, libreoffice)