-----BEGIN PGP SIGNED MESSAGE-----
Hello there Alpinists,
LibreSSL has issues on 32-bit platforms that they will not fix.
They claim that this is a "kernel ABI issue" and that they do not want
to use a custom time type when time_t is 32-bit, which is the case on
32-bit Linux right now. This is likely to remain an issue for a
number of years (conservative estimates from the linked article put a
32-bit ABI with 64-bit time_t as appearing in 2021 or later).
This is a growing issue with root CA certificates being issued with
long (20+ year) expirations; in fact, some software have already had
to roll back to OpenSSL on 32-bit platforms due to this. OpenSSL
is not affected by this bug as of 1.0.0.
Additionally, the LibreSSL team is notoriously hostile to Linux
developers. I have had personal run-ins with members of their team
that has made me wish to avoid working with them.
This is likely not an issue for Alpine as 32-bit platforms are not
really supported as far as I can tell. 32-bit PowerPC is not a
target, 32-bit ARM breaks constantly and is not a priority, and
32-bit x86 is being dropped for 3.8.
However, Adélie targets 32-bit x86, 32-bit MIPS, 32-bit PowerPC, and
32-bit ARM. Obviously this is therefore a quite significant issue for
us. We do not want to have to soft-fork every package in the Alpine
aports repository that depends on OpenSSL or LibreSSL to change the
library provider. I am soliciting ideas on how to move forward.
My own idea would be to make a libssl-dev virtual that is satisfied by
libressl-dev on Alpine and openssl-dev on Adélie. We can use the new
provides_priority to accomplish this, and then we only have to
soft-fork the OpenSSL package.
Other ideas (that do not include dropping 32-bit architectures from
Adélie) are welcome. Let's discuss.
Best to you and yours,
: #alpine-devel IRC from September 2017 (missing from irclogger)
A. Wilcox (awilfox)
Project Lead, Adélie Linux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
Received on Mon Nov 06 2017 - 20:04:31 GMT