On Tue, 29 Dec 2020 23:34:36 +
Peter Stuge wrote:
> David Seifert wrote:
> > > Maybe because it is so well-known that monoculture is harmful per se,
> > > which is why the commitment to choice in Gentoo is very valuable.
> > >
> > > Further, LibreSSL comes out of the OpenBSD project, which
Excerpt from Michał Górny and previous post:
> > Further, LibreSSL comes out of the OpenBSD project, which has a good
> > reputation on code quality.
> I could buy that if it actually said anything about LibreSSL code
> quality. So far you're guessing that it might or might not, especially
>
On 12/29/20 6:06 PM, David Seifert wrote:
>
> If you want to provide an alternative, you have to subsume the API, not
> make it superficially compatible, only to find out that you need to
> mask out a ton of stuff with macros.
Agreed. If libressl hadn't failed on this point, we would not
On 12/29/20 5:41 PM, Peter Stuge wrote:
> Michał Górny wrote:
>>> I would be happier if some other developers were able and willing to
>>> participate actively in the LibreSSL project.
>>
>> But why would they do that? What I'm really missing in all the replies
>> is a single reason why LibreSSL
> > a) The two cannot be installed concurrently. To fix that would require
> > even
> > more hacks.
>
> As we've discussed in another part of the thread, that's not really true.
> Both can for sure be installed, just not in the same place and/or
> with same names.
Exactly that is what would
On Wed, 2020-12-30 at 11:41 +0100, m1027 wrote:
> mgorny:
>
> > On Tue, 2020-12-29 at 16:12 +0100, Toralf Förster wrote:
> > > On 12/29/20 2:57 PM, m1027 wrote:
> > > > - removing libressl, installing openssl, maybe wget then, followed
> > > > by the rest?
> > > remove is sufficient b/c emerge
mgorny:
> On Tue, 2020-12-29 at 16:12 +0100, Toralf Förster wrote:
> > On 12/29/20 2:57 PM, m1027 wrote:
> > > - removing libressl, installing openssl, maybe wget then, followed
> > > by the rest?
> > remove is sufficient b/c emerge then immediately advises a
> > @preserved-rebuild - at least
On Wed, 2020-12-30 at 09:08 +0100, Marcel Schilling wrote:
> On Tue, Dec 29, 2020 at 11:31:32PM +0100, Michał Górny wrote:
> > What I'm really missing in all the replies is a single reason why
> > LibreSSL would be better for anyone. Not 'it's an alternative', not
> > 'I don't trust' but a real
On Tue, Dec 29, 2020 at 11:31:32PM +0100, Michał Górny wrote:
> What I'm really missing in all the replies is a single reason why
> LibreSSL would be better for anyone. Not 'it's an alternative', not
> 'I don't trust' but a real proper, verifiable argument 'LibreSSL is
> better in this regard'.
We could clearly discuss forever, but since you refuse to engage with
my constructive proposition and my ask for feedback there's no point,
is there? It's super sad that you behave like that in Gentoo.
Michał Górny wrote:
> Choice for the sake of choice is meaningless.
Far from it.
> So far
On Tue, 2020-12-29 at 22:41 +, Peter Stuge wrote:
> Michał Górny wrote:
> > > I would be happier if some other developers were able and willing
> > > to
> > > participate actively in the LibreSSL project.
> >
> > But why would they do that? What I'm really missing in all the
> > replies
> >
David Seifert wrote:
> > Maybe because it is so well-known that monoculture is harmful per se,
> > which is why the commitment to choice in Gentoo is very valuable.
> >
> > Further, LibreSSL comes out of the OpenBSD project, which has a good
> > reputation on code quality.
>
> Like strong-arming
On Tue, 2020-12-29 at 22:41 +, Peter Stuge wrote:
> Michał Górny wrote:
> > > I would be happier if some other developers were able and willing
> > > to
> > > participate actively in the LibreSSL project.
> >
> > But why would they do that? What I'm really missing in all the
> > replies
> >
Michał Górny wrote:
> > I would be happier if some other developers were able and willing to
> > participate actively in the LibreSSL project.
>
> But why would they do that? What I'm really missing in all the replies
> is a single reason why LibreSSL would be better for anyone.
Maybe because
On Wed, 2020-12-30 at 01:00 +0300, Stefan Strogin wrote:
> I would be happier if some other developers were able and willing to
> participate
> actively in the LibreSSL project. But if not, not.
> Just make the transition as painless as possible.
But why would they do that? What I'm really
Matt Turner wrote:
> > I think many mails in this thread suffer from some tunnel vision, expecting
> > that a libressl ebuild in the tree must continue to work exactly like the
> > openssl ebuild - I'm saying to stop that but do keep a libressl ebuild.
To clarify, by "stop that" I mean "stop
Hi,
On 28/12/2020 11:56, Michał Górny wrote:
> Hello, developers and Gentoo LibreSSL team.
>
> TL;DR: is there really a point in continuing the never-ending always-
> regressing struggle towards supporting LibreSSL in Gentoo?
>
I don't agree.
I have asked ~20 users who made any contributions
On Tue, Dec 29, 2020 at 2:47 PM Peter Stuge wrote:
>
> Andreas K. Huettel wrote:
> > > I agree completely that it's unreasonable for Gentoo (worse, 1 person!)
> > > to continuously patch the entire world for libressl.
> > >
> > > I'm asking to stop doing that, yet still enable the choice between
The bindist flags in openssl + openssh were for elliptic curve support,
as people were concerned about patents.
I'm almost certain this affects libressl just the same way, probably
just no one ever bothered to care.
The bindist flags should probably be reviewed and likely removed.
According to
Andreas K. Huettel wrote:
> > I agree completely that it's unreasonable for Gentoo (worse, 1 person!)
> > to continuously patch the entire world for libressl.
> >
> > I'm asking to stop doing that, yet still enable the choice between
> > openssl and libressl where that is possible without
On Tue, Dec 29, 2020 at 01:24:33PM +0100, Michał Górny wrote:
> As noted in another fork of this thread, libtls is now provided
> by dev-libs/libretls which works against OpenSSL.
The latest version of libressl also supports linking libtls statically
against libssl and libcrypto, allowing it to
On Tue, Dec 29, 2020 at 02:57:12PM +0100, m1027 wrote:
> > > On 29 Dec 2020, at 09:13, Marcel Schilling
> > > wrote:
> > >
> > > I just want to comment that I switched to LibreSSL on several
> > > Gentoo systems years ago and never had any major issues. I run
> > > both desktop and server
On Tuesday, 29 December 2020, 13:29:35 EET, Peter Stuge wrote:
> I agree completely that it's unreasonable for Gentoo (worse, 1 person!)
> to continuously patch the entire world for libressl.
>
> I'm asking to stop doing that, yet still enable the choice between
> openssl and libressl where
On 12/29/20 7:15 PM, Michał Górny wrote:
I'm not sure if you meant it but it reads as if you were talking about
removing the package. This is incorrect.
You need to disable the USE flag and then --changed-use (or --newuse)
rebuild everything with the flag. If the depgraph is clean, emerge
On 12/29/20 7:10 PM, m1027 wrote:
toralf:
On 12/29/20 2:57 PM, m1027 wrote:
- removing libressl, installing openssl, maybe wget then, followed
by the rest?
remove is sufficient b/c emerge then immediately advises a
@preserved-rebuild - at least that's the way it works here at the
On Tue, 2020-12-29 at 16:12 +0100, Toralf Förster wrote:
> On 12/29/20 2:57 PM, m1027 wrote:
> > - removing libressl, installing openssl, maybe wget then, followed
> > by the rest?
> remove is sufficient b/c emerge then immediately advises a
> @preserved-rebuild - at least that's the way it
toralf:
> On 12/29/20 2:57 PM, m1027 wrote:
> > - removing libressl, installing openssl, maybe wget then, followed
> > by the rest?
>
> remove is sufficient b/c emerge then immediately advises a
> @preserved-rebuild - at least that's the way it works here at the
> tinderbox (in the opposite
On 12/29/20 2:57 PM, m1027 wrote:
- removing libressl, installing openssl, maybe wget then, followed
by the rest?
remove is sufficient b/c emerge then immediately advises a
@preserved-rebuild - at least that's the way it works here at the
tinderbox (in the opposite direction FWIW)
--
On Tue, 2020-12-29 at 14:57 +0100, m1027 wrote:
> > > On 29 Dec 2020, at 09:13, Marcel Schilling
> > > wrote:
> > >
> > > I just want to comment that I switched to LibreSSL on several
> > > Gentoo systems years ago and never had any major issues. I run
> > > both desktop and server systems with
> TL;DR: is there really a point in continuing the never-ending always-
> regressing struggle towards supporting LibreSSL in Gentoo?
>
> I would like to discuss the possibility of discontinuing LibreSSL
> support in Gentoo in favor of sticking with OpenSSL.
From a team member and initial
> > On 29 Dec 2020, at 09:13, Marcel Schilling
> > wrote:
> >
> > I just want to comment that I switched to LibreSSL on several
> > Gentoo systems years ago and never had any major issues. I run
> > both desktop and server systems with LibreSSL, based on X and
> > Wayland. The only issues I ran
David Seifert wrote:
> > > I mean, you have to explicitly support the choice in ebuilds,
> > > and this means making things even harder for newcomers.
> >
> > pkg-config/pkgconf and .pc files can help with this part, taking care
> > of all abstraction if/when downstream uses a libressl.pc.
>
>
Tue, 29 Dec 2020 at 13:33, David Seifert :
>
> On Tue, 2020-12-29 at 13:21 +, Peter Stuge wrote:
> > Michał Górny wrote:
> > > > 2. Install them into different prefixes (eg /usr/lib/openssl +
> > > > /usr/lib/libressl and have the linker link to a specific version,
> > > >
On Tue, 2020-12-29 at 13:21 +, Peter Stuge wrote:
> Michał Górny wrote:
> > > 2. Install them into different prefixes (eg /usr/lib/openssl +
> > > /usr/lib/libressl and have the linker link to a specific version,
> > > /usr/include/{openssl,libressl} too).
> >
> > For the record, this is
Michał Górny wrote:
> > 2. Install them into different prefixes (eg /usr/lib/openssl +
> > /usr/lib/libressl and have the linker link to a specific version,
> > /usr/include/{openssl,libressl} too).
>
> For the record, this is something I've been wondering about for a long
> time. However,
On Tue, 2020-12-29 at 14:39 +0200, Jaco Kroon wrote:
> 2. Install them into different prefixes (eg /usr/lib/openssl +
> /usr/lib/libressl and have the linker link to a specific version,
> /usr/include/{openssl,libressl} too).
For the record, this is something I've been wondering about for a long
Michał Górny wrote:
> > net-misc/openntpd
>
> I've just tested it and it builds fine against dev-libs/libretls.
I hope you're not planning to suggest that dev-libs/libretls should
be the only libtls on Gentoo, since that would be an arbitrary and
artificial limitation - the very opposite of
On Tue, 2020-12-29 at 13:41 +0100, Toralf Förster wrote:
> On 12/29/20 1:23 PM, Michał Górny wrote:
> > 2. Stuff that builds just fine but fails at runtime in
> > unpredictable
> > ways (e.g. Tor mentioned today).
>
> FWIW that's exactly what I do suffer from at my Tor relays.
>
> Beside that a
Michał Górny wrote:
> 1. Stuff that does not build against LibreSSL.
> 2. Stuff that builds just fine but fails at runtime in unpredictable
> ways (e.g. Tor mentioned today).
> 3. Stuff that builds and works 'fine' but ends up being crippled (e.g.
> doesn't support new algorithms).
>
> The first
On 12/29/20 1:23 PM, Michał Górny wrote:
2. Stuff that builds just fine but fails at runtime in unpredictable
ways (e.g. Tor mentioned today).
FWIW that's exactly what I do suffer from at my Tor relays.
Beside that a naive question: Wouldn't it be sufficient to just
have/keep the libressl
Hi Peter,
On 2020/12/29 13:29, Peter Stuge wrote:
> Michał Górny wrote:
>>> I'm sure that there are numerous cases where libressl doesn't work,
>>> but that's no reason to dismiss cases where it *does*.
>> Are you asking people to put an effort into maintaining something that
>> can't be
On Tue, 2020-12-29 at 06:33 +0100, David Haller wrote:
> Hello,
>
> On Mon, 28 Dec 2020, Michal Górny wrote:
> > The only problem that I can think of are packages that depend
> > on libressl specifically and do not support openssl. I don't think
> > we
> > have anything like that but I'll double
On Mon, 2020-12-28 at 21:42 +0100, Toralf Förster wrote:
> On 12/28/20 8:55 PM, Michał Górny wrote:
> > I might be wrong but I think the update should proceed cleanly with
> > --changed-use/--newuse.
>
> Maybe it is worth to tell people within the news item to run sth like
>
> emerge
On Mon, 2020-12-28 at 23:26 +0100, m1027 wrote:
> I've been kindly asked by a gentoo dev to send my two pence in here:
>
> peter:
>
> > Michał Górny wrote:
> >
> > > LibreSSL users, does LibreSSL today have any benefit over
> > > OpenSSL?
> >
> > Yes, at least two:
> >
> > [...]
> >
> > B.
On Tue, 2020-12-29 at 11:29 +, Peter Stuge wrote:
> Michał Górny wrote:
> > > I'm sure that there are numerous cases where libressl doesn't
> > > work,
> > > but that's no reason to dismiss cases where it *does*.
> >
> > Are you asking people to put an effort into maintaining something
> >
28.12.2020 11:56, Michał Górny wrote:
I would like to propose that we stop patching
packages, discontinue support for it and last rite it.
I second this.
I agree with the proposal to sunset LibreSSL.
Supporting it benefits very few users due to how non-universal the support of
this option is. I see it as entirely sensible choice on apps' upstreams part to
not collaborate on libressl support, motivation being focusing on more typical
user setups.
Michał Górny wrote:
> > I'm sure that there are numerous cases where libressl doesn't work,
> > but that's no reason to dismiss cases where it *does*.
>
> Are you asking people to put an effort into maintaining something that
> can't be practically installed?
No, I'm rather asking to change the
On December 29, 2020 4:39:06 AM EST, "Michał Górny" wrote:
>On Mon, 2020-12-28 at 23:18 +, Peter Stuge wrote:
>> Michał Górny wrote:
>> > > A. It is a distinct implementation with probably /quite some/
>> > > stable
>> > > compatibility, meaning that it will work perfectly fine as an
>> >
On Mon, 2020-12-28 at 23:18 +, Peter Stuge wrote:
> Michał Górny wrote:
> > > A. It is a distinct implementation with probably /quite some/
> > > stable
> > > compatibility, meaning that it will work perfectly fine as an
> > > alternative in many cases.
> >
> > Except that it doesn't, as has
> On 28 Dec 2020, at 10:02, Hanno Böck wrote:
>
> If it has any weight:
> I think I was the first person to build Gentoo with LibreSSL. I support
> this.
>
I’m pleased to have yours and blueness’ input. Really, I think going
is probably best. Just make it clear it can come back with some
new
> On 29 Dec 2020, at 09:13, Marcel Schilling
> wrote:
>
>
> I just want to comment that I switched to LibreSSL on several Gentoo
> systems years ago and never had any major issues.
> I run both desktop and server systems with LibreSSL, based on X and
> Wayland. The only issues I ran into is a
On Mon, Dec 28, 2020 at 11:33:36PM +0100, Michał Górny wrote:
> On Mon, 2020-12-28 at 22:00 +, Peter Stuge wrote:
> > Michał Górny wrote:
> > > LibreSSL users, does LibreSSL today have any benefit over OpenSSL?
> >
> > Yes, at least two:
> >
> > A. It is a distinct implementation with
Hello,
On Mon, 28 Dec 2020, Michal Górny wrote:
>The only problem that I can think of are packages that depend
>on libressl specifically and do not support openssl. I don't think we
>have anything like that but I'll double check.
A naive check finds these:
Depends unconditionally on
Michał Górny wrote:
> > A. It is a distinct implementation with probably /quite some/ stable
> > compatibility, meaning that it will work perfectly fine as an
> > alternative in many cases.
>
> Except that it doesn't, as has been proven numerous times.
I'm sure that there are numerous cases
On Mon, 2020-12-28 at 22:00 +, Peter Stuge wrote:
> Michał Górny wrote:
> > I would like to discuss the possibility of discontinuing LibreSSL
> > support in Gentoo in favor of sticking with OpenSSL.
>
> I think that's a horrible idea, since Gentoo is about choice and this
> particular
I've been kindly asked by a gentoo dev to send my two pence in here:
peter:
> Michał Górny wrote:
>
> > LibreSSL users, does LibreSSL today have any benefit over OpenSSL?
>
> Yes, at least two:
>
> [...]
>
> B. It brings its own TLS API, a unique feature which by itself warrants
> the
Michał Górny wrote:
> I would like to discuss the possibility of discontinuing LibreSSL
> support in Gentoo in favor of sticking with OpenSSL.
I think that's a horrible idea, since Gentoo is about choice and this
particular component is one of the most important in a system.
But "support" can
On 12/28/20 8:55 PM, Michał Górny wrote:
I might be wrong but I think the update should proceed cleanly with
--changed-use/--newuse.
Maybe it is worth to tell people within the news item to run sth like
emerge --fetchonly dev-libs/openssl net-misc/openssh net-misc/wget
before (to have at
On Mon, 2020-12-28 at 13:59 -0500, Anthony G. Basile wrote:
> On 12/28/20 3:56 AM, Michał Górny wrote:
> > Hello, developers and Gentoo LibreSSL team.
> >
> > TL;DR: is there really a point in continuing the never-ending
> > always-
> > regressing struggle towards supporting LibreSSL in Gentoo?
>
On 12/28/20 3:56 AM, Michał Górny wrote:
> Hello, developers and Gentoo LibreSSL team.
>
> TL;DR: is there really a point in continuing the never-ending always-
> regressing struggle towards supporting LibreSSL in Gentoo?
>
>
> I would like to discuss the possibility of discontinuing LibreSSL
>
If it has any weight:
I think I was the first person to build Gentoo with LibreSSL. I support
this.
I believe pretty much everything that LibreSSL originally was
(consistent coding style, cleanup of obsolete/dead code etc.) has
happened in OpenSSL these days. It's more that there's some myth
On Monday 28 December 2020 09:56:19 CET Michał Górny wrote:
> I would like to propose that we stop patching
> packages, discontinue support for it and last rite it.
+1
--
Agostino
63 matches