On Tue, 2020-12-29 at 22:41 +0000, Peter Stuge wrote: > Michał Górny wrote: > > > I would be happier if some other developers were able and willing > > > to > > > participate actively in the LibreSSL project. > > > > But why would they do that? What I'm really missing in all the > > replies > > is a single reason why LibreSSL would be better for anyone. > > Maybe because it is so well-known that monoculture is harmful per se, > which is why the commitment to choice in Gentoo is very valuable. > > Further, LibreSSL comes out of the OpenBSD project, which has a good > reputation on code quality.
Like strong-arming 99% of the users of OpenSSH because they were unwilling to port to the OpenSSL 1.1 API, fully well knowing that most of the OpenSSH consuming world doesn't actually use libressl? How is explicitly tying OpenSSH to libressl not a form of monoculture? If you want to provide an alternative, you have to subsume the API, not make it superficially compatible, only to find out that the you need to mask out a ton of stuff with macros. Case in point: Have you tried using the official libjpeg package instead of libjpeg-turbo? Go ahead, give it a try. "Monoculture"s are mostly a coincidence, not some sinister conspiracy. Implementation-diversity-but-API-compatibility is mostly a pipe dream, as libav, imagemagick, libjpeg have shown.