On Nov 10, 2015, at 6:11 AM, René J.V. Bertin wrote: > On Tuesday November 10 2015 04:46:50 Ryan Schmidt wrote: > >>> No, but if the ABIs are indeed not compatible there is no other solution, >>> is there? >> >> What has currently be done with libressl in MacPorts is a bug, not a >> solution. > > ?? Why? > It leaves the educated user with a choice regardless of which of openssl or > libressl is the default/preferred flavour. That is always a good thing IMHO.
It is a bad thing when users who exercise a choice run into problems that they don't understand, which causes things not to work for them, which causes them to contact us, which increases our support burden, e.g.: https://trac.macports.org/ticket/49644 It is better to offer fewer (or no) choices if that means a higher likelihood that things will just work. >> It might be better to take the choice away from the user and just make a >> decision that we want libressl to be our default ssl library in MacPorts. >> Change the libressl and openssl ports so that they do not conflict, but >> rather install in different locations. > > You think that won't impose extra effort on port maintainers? It seems *ssl > is expected to be found via pkgconfig; as long as dependent ports aren't all > written to search for either libressl or openssl (and the projects themselves > modified to support parallel installation OOTB) you're still going to have > the need for libssl.pc and libcrypto.pc files. Those must either be in the > "global" pkgconfig directory, or else you'll need to use `configure.env` to > point to the dedicated pkgconfig dir of current choice, which means > introducing and maintaining a PortGroup. So put the "default" ssl implementation in the default location, and put the other one some place else for those few ports that actually need the other one. > What would the argument be to switch MacPorts to use libressl by default? They seem to have good goals: http://www.libressl.org/goals.html It should result in a better ssl library, with fewer opportunities for vulnerabilities to be discovered, which should be good for everyone. But if we're not interested in making libressl a prominent part of MacPorts, why was it added to MacPorts? It was originally requested by someone who wanted to use libressl as a replacement for openssl in all ports: https://trac.macports.org/ticket/44313 _______________________________________________ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
