Alessandro Barbieri wrote: > > Obviously this will only be useful for packages wanting to statically link > > with libressl lib{crypto,ssl} > > There is an ongoing effort to remove static libraries from packages.
I know, and I couldn't disagree more with that effort. > > but I think that's far better than removing libressl. > > No, it's not better, it's more work for the security team. The security team isn't be responsible for what people do. Flip side: The security team is also not entitled to decide what people can and can not do. Security is a policy and technology generally needs to avoid forcing policy onto humans, but enable human decisions. You can tell that I value choice. It's certainly a good default to use shared libraries, but it's no good at all to hamper legitimate functionality under a guise of security. That's a far too common and really diseased pattern throughout society, and it makes me sad that it proliferates also in Gentoo. //Peter