On Wed, May 08, 2019 at 10:13:38PM +0000, Zakharychev, Bob wrote:
> I wouldn't bother even trying to add support for BoringSSL - they themselves
> discourage people from doing so in their mission statement:
> "Although BoringSSL is an open source project, it is not intended for general
> use, as OpenSSL is. We don't recommend that third parties depend upon it.
> Doing so is likely to be frustrating because there are no guarantees of API
> or ABI stability.
> Programs ship their own copies of BoringSSL when they use it and we update
> everything as needed when deciding to make API changes. This allows us to
> mostly avoid compromises in the name of compatibility. It works for us, but
> it may not work for you."

These are pretty valid points! Actually I'd say that we know some people
do use BoringSSL with haproxy and provide regular fixes for it, so the
maintenance cost for others remains low. If it starts to break here and
there, or to trigger false alarms on the CI, then it will be time to 1)
remove it from the CI, and maybe 2) stop supporting it. But as long as
it works it's an inexpensive indicator of the probability of forthcoming
user reports ;-)


Reply via email to