[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

On 07/12/2014 08:46 PM, Toni Mueller wrote:
> As libressl is currently under
> heavy development, it is imho not to be expected to have that stable ABI
> you are asking for.

Well, I don't agree with this view. If LibreSSL pretends to be a
replacement for OpenSSL, then they should care about being ABI
compatible, so we can easily switch from one implementation to the
other. Just like for MariaDB / MySQL in fact (not sure if these are
still ABI compatible though). If that's not the case, then it looses a
lot of its purpose. As Kurt wrote, GNUTLS becomes a better alternative then.

> OTOH, one guy already switched his entire Linux
> system over, so far with no visible adverse effects.

And then? This gives no clue if he had to rebuild everything that
build-depended on OpenSSL...

On 07/13/2014 01:15 AM, Russ Allbery wrote:
> If you start using both for different packages, then you end up with
> shared libraries conflicting over which libssl they want to use, and
> then bad things start happening.

Exactly! I fully agree with you on this. This reminds me issues I had
with mod-log-sql linked to MySQL and php as well, and when they were
built against different versions... BOOM! I certainly do *not* want this
kind of things to happen in Debian. Therefore, I'd very much prefer if
we used OpenSSL *or* LibreSSL, but not have the choice between the 2,
otherwise, that's a recipe for disaster.

Please don't upload LibreSSL to Sid *ever*, unless we collectively
decide that we are switching away from OpenSSL (and for which a
discussion would have to start).


Thomas Goirand (zigo)

Reply to: