On Mon, Oct 16, 2017 at 05:29:09PM +0100, Colin Watson wrote:
Out of all of these, I think the option that I think has the fewest downsides overall is to convince people to package LibreSSL, but I'm not myself in a position to contribute to that effort. Does anyone have thoughts or other options, or want to help?
My understanding is that the libressl project does not support a release for the length of a debian release cycle, and does not commit to API stability for debian-cycle periods. (The openbsd model historically is to break ABI and even API between releases, in order to minimize compatability code, which works with their rebuild-the-world release model.) Is there any sign that if debian packages libressl in order to use openssh, debian would not end up being the de facto maintainers of an unsupported years-old libressl release by the end of a debian stable release cycle (not to mention debian LTS)? I think that in practical terms that would leave us worse off than settling on a compatability layer that's shared with other distributions.
Mike Stone