Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
On Sat, Jul 12, 2014 at 01:53:45PM +0200, Toni Mueller wrote:
> Hi Kurt,
> On Sat, Jul 12, 2014 at 01:25:47PM +0200, Kurt Roeckx wrote:
> > What are you doing with the binaries, include files, man pages,
> > ...? Will they conflict with the ones from openssl?
> my intention is to package this stuff so one can have both openssl and
> libressl installed in parallel. libressl currently has libraries with
> these sonames:
I don't really like it, since it could potentionally clash with
the ones provided by openssl. But it seems unlikely that openssl
will ever use that as soname.
I had the feeling openbsd didn't care much about ABI stability,
and that being at 26 and 29 already doesn't give me a good feeling
either. I hope you don't have to go and change the binary package
names each time you upload a new version.
> > If you're interested in maintaining such a package, why did you
> > never respond to the RFH for openssl?
> There are a number of reasons for that, but one has been that I was
> unhappy about the perceived 'closedness' of the project
I was never very happy with it either. But it has very recently
changed, and I think it's going in the right direction. I'm now
also in the openssl development team.
> I generally trust
> the OpenBSD folks, who are the vast majority behind LibreSSL, much more
> with respect to their ability to understand security and pursuing a "no
> backdoors" philosophy than most other people.
I'm not really sure what you mean by this. I'm pretty sure the
openssl development team has a pretty good understanding of
security and I don't see anybody adding a backdoor in it.
> FWIW, I have well over a
> decade of very good experience with OpenBSD
Not everybody has the same experience with them.
> although I prefer Debian
> for most purposes, including a general slant towards "copyleft" (GPL)
> instead of "copyright" (BSD). They simply provide one of the, or the
> one, most viable alternatives to OpenSSL, thus helping to break down the
> obviously unhealthy monopoly that currently is OpenSSL.
I think GnuTLS is actually a better alternative and wish there
were more people developing and using it.
> @Kurt: That should imho go to devel@, not only to you and the BTS.
I did intend to send it to the list, but forgot to Cc it, so doing