On 6/5/2014 4:02 PM, Miod Vallat wrote:
Now you have an example of how they are unwilling to work with you next time someone asks why not work with OpenSSL on fixing it. Pretty direct proof.
The culture gap between OpenSSL and OpenBSD/LibreSSL is UNFIXABLE.
We believe in peer review; they don't give a sh*t about it (as shown less than a month ago by the way their #3317 bug was fixed, committing a different fix from the proposed one and introducing a stupid *and obvious* bug in the process - which got fixed the next day after otto@ mentioned it to the OpenSSL developers).
If you can't trust people to apply one-liner fixes correctly, can you trust them for anything serious?
*I* know that. Yet every time someone interviews someone from OpenBSD about LibreSSL it's always "Why fork it? Why not work with them?" This is a nice succinct example about how OpenSSL has no interest in working with you. Not that we really want them to after looking at the code base.
--Kurt