Excerpt from Michał Górny and previous post:

> > Further, LibreSSL comes out of the OpenBSD project, which has a good
> > reputation on code quality.

> I could buy that if it actually said anything about LibreSSL code
> quality.  So far you're guessing that it might or might not, especially
> given it is forked from an apparently 'inferior quality' code.

> However, I do have serious doubts about LibreSSL quality given that:

> 1. Non-OpenBSD systems are not first class citizens, as you yourself
> pointed out.

> 2. The library is an intrusive replacement for OpenSSL.  In the default
> setup, it is neither co-installable with OpenSSL, nor a drop-in
> replacement.

> 3. The upstream declares OpenSSL version constants pretty randomly,
> without actually matching OpenSSL API.

> 4. The upstream has actively tried to force people into using their
> product by tight coupling and forced incompatibility.

> 5. Apparently nobody is issuing CVEs for LibreSSL while
> the vulnerabilities clearly do happen.

My limited experience with OpenBSD does not give credence to their code quality.

Latest experience was from liveusb-openbsd.sourceforge.net.

I was able to download the image and write to 64 GB USB stick.

I managed to get it to boot, but couldn't find my way around.

It couldn't read my GPT-partitioned hard drive, and I was not about to take big 
risks regarding my data.

OpenBSD fdisk is quite primitive compared to NetBSD (gpt), FreeBSD (gpart), 
Linux (gdisk: also available for FreeBSD, Windows and macOS).

OpenBSD seems to have dubious compatibility with NetBSD, FreeBSD and Linux 
software packages, and is not good at peaceful coexistence with NetBSD, 
FreeBSD, Linux and probably other OSes on the hard drive.

I looked in NetBSD pkgsrc, FreeBSD ports, Gentoo portage, and Void Linux 
packages, and libressl was there, which is not to say how compatible it is or 
how much patching is needed.


Reply via email to