On Wed, May 11, 2016 at 7:05 PM, Antti Kantee <[email protected]> wrote: > Hi, > > I disabled openssl from the Rumprun base build and added libressl to > rumprun-packages. The motivation for the change is probably obvious: there > is a continuous stream of vulnerabilities in ssl, and this way it's much > easier to update ssl to a non-vulnerable version. Incidentally, feel free to > update the package without warning. Also, I wouldn't mind a few > co-maintainers for the package. >
Ah! I didn't catch up with all my mails and ended up wasting time thinking why openssl is unavailable in my build. > I would've wanted to add openssl to rumprun-packages to minimize the > variables in one step, but I couldn't figure out the openssl build system, > so libressl it was. I did add a "which flavour to prefer" toggle, in case > someone some days wants to figure out the openssl build system. > > There will probably be some fallout. I'll add ssl package dependencies as I > find them, most of them hopefully after the next autobuild. > Erlang uses openssl as a default ssl library and I am not too sure whether it can play well with libressl. Having said that I see a couple of options. 1. Try to see whether libressl can be used within the Erlang build. 2. Add support for openssl in rumprun. I don't have a clue which one will be faster but adding openssl to rumprun will definitely be better for other applications as well, while libressl to Erlang may not be much useful to the community in general. Any pointers will jumpstart my effort to take option-2. -Neeraj
