Bug#754513: RFP: libressl -- SSL library, forked from OpenSSL
On Mon, Oct 16, 2017 at 01:07:43PM -0400, Michael Stone wrote:
> My understanding is that the libressl project does not support a release for
> the length of a debian release cycle, and does not commit to API stability
> for debian-cycle periods.
The LibreSSL website currently says one year.
One relevant data point is that OpenSSH 7.6p1 seems to build and run
fine against LibreSSL 2.0.0 (the first public release, from July 2014),
so I'm not very concerned about API stability from the point of view of
OpenSSH. Your wider concerns may well be reasonable for an
externally-packaged library though; I don't have enough experience with
SSL library maintenance to be able to say.
Colin Watson [email@example.com]