[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: RFP: libressl -- SSL library, forked from OpenSSL

On Tue, Oct 17, 2017 at 10:26:06PM +0200, Guus Sliepen wrote:
> I see two main forces determining which fork of a library will be used:
> either distributions themselves will choose based on technical and other
> merits, or important applications will favor one of the forks, forcing
> the decision for distributions. OpenSSH is now applying some force, I
> have no idea what programs are out there that can only work with
> OpenSSL. I assume those that moved to OpenSSL 1.1 and ditched OpenSSL
> 1.0 compatibility, but I wonder how many there are.
> It would be interesting to recompile all packages that Build-Depend:
> libssl-dev with LibreSSL, and see what actually breaks...

It occured to me that I can provide data on how much such a rebuild would
take.  Of course, a fat elebenty-core machine with gobs of RAM can do the
whole archive in hours, while a shit ARM SoC takes over two months, but
proportions should be roughly same.

Packages with an OpenSSL build-dependency are pretty heavy: there are 714
ones depending on libssl-dev, taking 7.7% of total archive rebuild time.
As for libssl1.0-dev, it's 271 packages taking 2.5% of time.

On said shit SoC that's 5 and 1.6 days respectively.  I don't know what's
under your desk, but I don't suspect you of using a machine that can't do
such a rebuild under a day.

⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄⠀⠀⠀⠀ sky.  Your cat demands food.  The priority should be obvious...

Reply to: