On Jan 11 07:07:42, [email protected] wrote: > > On Jan 10, 2018, at 14:49, Jan Stary wrote: > > > On Jan 09 09:40:23, Blair Zajac wrote: > >> https://boringssl.googlesource.com/boringssl/ > >> > >> "Although BoringSSL is an open source project, it is not intended for > >> general use, as OpenSSL is. We don't recommend that third parties depend > >> upon it. Doing so is likely to be frustrating because there are no > >> guarantees of API or ABI stability.” > >> > >> If projects link statically against an SSL library, then BoringSSL maybe > >> fine, but probably not as a shared library used by many packages. > > > > As opposed to a static library used by many packages? > > Ideally, ports should not link with static libraries; they should link with > dynamic libraries. That way they receive bug fixes as soon as the port that > provides the library is updated.
Yes. But my note was regrding the suitabilty of LibreSSL/BoringSSL as an alternative to OpenSSL - that has nothing to do with static/shared - you can say the same about each of them.
