[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

On Sat, Jul 12, 2014 at 01:53:45PM +0200, Toni Mueller wrote:
> Hi Kurt,
> On Sat, Jul 12, 2014 at 01:25:47PM +0200, Kurt Roeckx wrote:
> > What are you doing with the binaries, include files, man pages,
> > ...?  Will they conflict with the ones from openssl?
> my intention is to package this stuff so one can have both openssl and
> libressl installed in parallel. libressl currently has libraries with
> these sonames:
> libssl.so.26
> libcrypto.so.29

I don't really like it, since it could potentionally clash with
the ones provided by openssl.  But it seems unlikely that openssl
will ever use that as soname.

I had the feeling openbsd didn't care much about ABI stability,
and that being at 26 and 29 already doesn't give me a good feeling
either.  I hope you don't have to go and change the binary package
names each time you upload a new version.

> > If you're interested in maintaining such a package, why did you
> > never respond to the RFH for openssl?
> There are a number of reasons for that, but one has been that I was
> unhappy about the perceived 'closedness' of the project

I was never very happy with it either.  But it has very recently
changed, and I think it's going in the right direction.  I'm now
also in the openssl development team.

> I generally trust
> the OpenBSD folks, who are the vast majority behind LibreSSL, much more
> with respect to their ability to understand security and pursuing a "no
> backdoors" philosophy than most other people.

I'm not really sure what you mean by this.  I'm pretty sure the
openssl development team has a pretty good understanding of
security and I don't see anybody adding a backdoor in it.

> FWIW, I have well over a
> decade of very good experience with OpenBSD

Not everybody has the same experience with them.

> although I prefer Debian
> for most purposes, including a general slant towards "copyleft" (GPL)
> instead of "copyright" (BSD). They simply provide one of the, or the
> one, most viable alternatives to OpenSSL, thus helping to break down the
> obviously unhealthy monopoly that currently is OpenSSL.

I think GnuTLS is actually a better alternative and wish there
were more people developing and using it.

> @Kurt: That should imho go to devel@, not only to you and the BTS.

I did intend to send it to the list, but forgot to Cc it, so doing
that now.


Reply to: