Re: OpenSSL vs. LibreSSL (OpenBSD)
Isn't the latest news that Googleco and the linux foundation setup a construction that these vital opensource projects get the proper funding. Meaning more man power and hopefully less bugs ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 25 Apr 2014, at 09:16, Matthias Gamsjager mgamsja...@gmail.com wrote: Isn't the latest news that Googleco and the linux foundation setup a construction that these vital opensource projects get the proper funding. Meaning more man power and hopefully less bugs Yes, there's effort to improve OpenSSL from there, there's the LibreSSL project from OpenBSD and there's a from-scratch reimplementation of SSL in the Cambridge Computer Lab that's intended for easy verification[1], and Apple's CommonCrypto (which, in light of goto fail, might not be the best choice), so there are going to be a lot of choices in time for 11. There are very few users of OpenSSL in the base system (7, I think), so rewriting them to use less error-prone APIs would be feasible - a 100% OpenSSL-compatible API is not necessarily a requirement for a base-system SSL library. so@ and secteam@ get to make the final call on what we should be shipping, because they're the ones that will have to suffer from the fallout the next time there's a vulnerability. David [1] It's written in OCaml, but can have C APIs and can probably be compiled into C. C that is machine generated from a typesafe language is a lot less likely to contain memory management bugs than C that is generated by a human... ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On Fri, Apr 25, 2014 at 10:16 AM, Matthias Gamsjager mgamsja...@gmail.com wrote: Isn't the latest news that Googleco and the linux foundation setup a construction that these vital opensource projects get the proper funding. Meaning more man power and hopefully less bugs. It remains to be seen which of LibreSSL vs a freshly funded OpenSSL ends up being the better alternative. If it comes to that, porting LibreSSL to FreeBSD ought to be quick work; it should be reasonably stand-alone code, and they're working to remove as many as possible of the weird/old/incompatible bits. It's not like our and their libc are massively different either, so ... cautiously optimistic that it'll be a one-day job to get it compiling on FreeBSD by the time they feel done. :) -- Daniel Nebdal ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
Not per se more but with money it can become someones full-time job. No sure about LibreSSL. Wouldn't it be easier and keeping in mind that money and resources are scares in the BSD camps to use the, hopefully, heavily funded openSSL? On Fri, Apr 25, 2014 at 10:46 AM, Zack Gold z...@linux.com wrote: More money does not necessarily mean more manpower, but it's a good start. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
An important thing to note here is motive. The Linux Foundation is housing this Core Infrastructure Initiative project, and so they are the ones who get all the money. The Initiative's funds will be administered by the Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. So, it might be in the interest of these people to not necessarily fix bugs. They might be interested in other things, like ownership. Though, this may be a bit irrational. On Fri, Apr 25, 2014 at 4:56 AM, Matthias Gamsjager mgamsja...@gmail.com wrote: Not per se more but with money it can become someones full-time job. No sure about LibreSSL. Wouldn't it be easier and keeping in mind that money and resources are scares in the BSD camps to use the, hopefully, heavily funded openSSL? On Fri, Apr 25, 2014 at 10:46 AM, Zack Gold z...@linux.com wrote: More money does not necessarily mean more manpower, but it's a good start. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 04/24/14 23:41, Alfred Perlstein wrote: On 4/24/14, 1:35 PM, O. Hartmann wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? oh We need to discuss the use of comic sans font across our web properties first. And, by the way, did they really use a blink tag in their project home page :D -- Guido Falsi m...@madpilot.net ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 2014-04-25 10:57, Guido Falsi wrote: On 04/24/14 23:41, Alfred Perlstein wrote: On 4/24/14, 1:35 PM, O. Hartmann wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? oh We need to discuss the use of comic sans font across our web properties first. And, by the way, did they really use a blink tag in their project home page :D They did really use a blink tag, then realized that in modern browsers like firefox and chrome, it doesn't do anything. So at some point later, they added some CSS to change the blink tag into a CSS animation that actually blinks. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 2014-Apr-25 05:00:38 -0400, Zack Gold z...@linux.com wrote: An important thing to note here is motive. The Linux Foundation is housing this Core Infrastructure Initiative project, and so they are the ones who get all the money. The Initiative's funds will be administered by the Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. So, it might be in the interest of these people to not necessarily fix bugs. They might be interested in other things, like ownership. Though, this may be a bit irrational. It has occurred to me that Linux (in general, not the Foundation) contains a number of religious zealots and the current OpenSSL license is not in keeping with their religion. And there have been previous cases where portable open source software has passed into the maintainership of Linux groups and had all the cross-platform code excised to make it Linux-only. -- Peter Jeremy pgpwNAwcA6h9m.pgp Description: PGP signature
OpenSSL vs. LibreSSL (OpenBSD)
It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? oh signature.asc Description: PGP signature
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 4/24/14, 1:35 PM, O. Hartmann wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? oh We need to discuss the use of comic sans font across our web properties first. -Alfred ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On Thu, Apr 24, 2014 at 2:41 PM, Alfred Perlstein bri...@mu.org wrote: On 4/24/14, 1:35 PM, O. Hartmann wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? oh We need to discuss the use of comic sans font across our web properties first. -Alfred You, sir, win 2 internets. - Justin ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 04/24/14 17:41, Alfred Perlstein wrote: On 4/24/14, 1:35 PM, O. Hartmann wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? oh We need to discuss the use of comic sans font across our web properties first. At bottom in small font: This page scientifically designed to annoy web hipsters. Donate now http://www.openbsdfoundation.org/donations.html to stop the Comic Sans and Blink Tags :) ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On 24 Apr 2014, at 22:35, O. Hartmann ohart...@zedat.fu-berlin.de wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? Wouldn't it be wiser to wait and see what comes out of this project? :) Besides, they're first making it for OpenBSD only (which is completely reasonable), porting it will come even later. If you want to contribute to LibreSSL now, I think the best you can do is to donate money. They don't seem to need more programmers... :) -Dimitry signature.asc Description: Message signed with OpenPGP using GPGMail
Re: OpenSSL vs. LibreSSL (OpenBSD)
There is info feed also http://opensslrampage.org/ Too early to say what will come out of it, but has some promising qualities certainly. -- View this message in context: http://freebsd.1045724.n5.nabble.com/OpenSSL-vs-LibreSSL-OpenBSD-tp5906272p5906317.html Sent from the freebsd-current mailing list archive at Nabble.com. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On Apr 24, 2014, at 4:08 PM, Dimitry Andric d...@freebsd.org wrote: On 24 Apr 2014, at 22:35, O. Hartmann ohart...@zedat.fu-berlin.de wrote: It seems that OpenBSD is now forking their own SSL implementation, called LibreSSL. As OpenBSD speaks for many similar opinion regarding the state of the code of OpenSSL, I'd like to hear what the plans are in FreeBSD for this critical portion of software. Is FreeBSD going to support the effords taken by OpenBSD and participating in the LibreSSL development (http://www.libressl.org/)? Wouldn't it be wiser to wait and see what comes out of this project? :) Besides, they're first making it for OpenBSD only (which is completely reasonable), porting it will come even later. If you want to contribute to LibreSSL now, I think the best you can do is to donate money. They don't seem to need more programmers... :) Well, need and want are two different things. So far all I’ve seen is a lot of trash talk and no track record. It would wiser, as you suggest, to wait and see where they wind up. Warner ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org
Re: OpenSSL vs. LibreSSL (OpenBSD)
On Thu, Apr 24, 2014 at 03:05:40PM -0700, Justin Hibbits wrote: We need to discuss the use of comic sans font across our web properties first. -Alfred You, sir, win 2 internets. - Justin seconded. ___ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org