
Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL



On Sat, Jul 12, 2014 at 01:53:45PM +0200, Toni Mueller wrote:
> 
> Hi Kurt,
> 
> On Sat, Jul 12, 2014 at 01:25:47PM +0200, Kurt Roeckx wrote:
> > What are you doing with the binaries, include files, man pages,
> > ...?  Will they conflict with the ones from openssl?
> 
> my intention is to package this stuff so one can have both openssl and
> libressl installed in parallel. libressl currently has libraries with
> these sonames:
> 
> libssl.so.26
> libcrypto.so.29

I don't really like it, since it could potentially clash with
the ones provided by openssl.  But it seems unlikely that openssl
will ever use that as soname.

I had the feeling openbsd didn't care much about ABI stability,
and that being at 26 and 29 already doesn't give me a good feeling
either.  I hope you don't have to go and change the binary package
names each time you upload a new version.

> > If you're interested in maintaining such a package, why did you
> > never respond to the RFH for openssl?
> 
> There are a number of reasons for that, but one has been that I was
> unhappy about the perceived 'closedness' of the project

I was never very happy with it either.  But it has very recently
changed, and I think it's going in the right direction.  I'm now
also in the openssl development team.

> I generally trust
> the OpenBSD folks, who are the vast majority behind LibreSSL, much more
> with respect to their ability to understand security and pursuing a "no
> backdoors" philosophy than most other people.

I'm not really sure what you mean by this.  I'm pretty sure the
openssl development team has a pretty good understanding of
security and I don't see anybody adding a backdoor in it.

> FWIW, I have well over a
> decade of very good experience with OpenBSD

Not everybody has the same experience with them.

> although I prefer Debian
> for most purposes, including a general slant towards "copyleft" (GPL)
> instead of "copyright" (BSD). They simply provide one of the, or the
> one, most viable alternatives to OpenSSL, thus helping to break down the
> obviously unhealthy monopoly that currently is OpenSSL.

I think GnuTLS is actually a better alternative and wish there
were more people developing and using it.

> @Kurt: That should imho go to devel@, not only to you and the BTS.

I did intend to send it to the list, but forgot to Cc it, so doing
that now.


Kurt

