Mail archive
alpine-devel

Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation

From: A. Wilcox <awilfox_at_adelielinux.org>
Date: Thu, 8 Feb 2018 12:19:22 -0600

On 02/08/18 12:05, Kevin Chadwick wrote:
> Do you have a list of packages at all?

This is an easy list, it is probably not the entire list:

awilcox on ciall /usr/src/alpine-aports $ find . -name
'*libressl*.patch' | sort
./community/asio/libressl.patch
./community/cargo/openssl-fix-libressl-cmsh-detection.patch
./community/cargo/openssl-libressl263-compat.patch
./community/erlang/0011-fix-libressl-build.patch
./community/freerdp/libressl-2.5.patch
./community/gsoap/libressl.patch
./community/heirloom-mailx/libressl.patch
./community/isync/libressl-compat.patch
./community/john/libressl.patch
./community/mongodb-tools/libressl.patch
./community/pgbouncer/libressl-2.5.patch
./community/qt5-qtbase/libressl-compat.patch
./community/retawq/libressl.patch
./community/rethinkdb/libressl-all.patch
./community/stunnel/stunnel-libressl.patch
./community/xchat/libressl.patch
./community/yadifa/libressl-compat.patch
./main/boost/libressl.patch
./main/elinks/libressl-2.5.patch
./main/fetchmail/libressl.patch
./main/freeswitch/sofia-sip-libressl.patch
./main/haproxy/fix-libressl-2.5.patch
./main/hexchat/libressl.patch
./main/hostapd/libressl-compat.patch
./main/krb5/libressl.patch
./main/ldns/1.6.17-libressl.patch
./main/libevent/libressl.patch
./main/libgit2/libressl.patch
./main/lua-cqueues/libressl-2.5.patch
./main/mosquitto/libressl.patch
./main/neon/fix-libressl.patch
./main/open-isns/libressl.patch
./main/openldap/libressl.patch
./main/opensmtpd/libressl-compat.patch
./main/openvswitch/libressl-compat.patch
./main/opusfile/libressl.patch
./main/partimage/libressl.patch
./main/perl-crypt-ssleay/libressl.patch
./main/postfix/libressl.patch
./main/python3/libressl.patch
./main/qt/qtcore-4.8.5-libressl.patch
./main/serf/libressl.patch
./main/spice-gtk/libressl.patch
./main/spice/libressl.patch
./main/strongswan/libressl.patch
./main/tlsdate/libressl-no-sslv3.patch
./main/tlsdate/libressl-sslstate.patch
./main/transmission/libressl.patch
./main/wpa_supplicant/libressl.patch
./main/xrdp/libressl-support.patch
./testing/bobcat/libressl-compatibility.patch
./testing/ejabberd/libressl.patch
./testing/imapfilter/libressl.patch
./testing/libimobiledevice/01-libressl.patch
./testing/litespeed/libressl.patch
./testing/megatools/libressl.patch
./testing/openconnect/openconnect-7.08-libressl251.patch
./testing/prayer/libressl.patch
./testing/proftpd/libressl.patch
./testing/tarantool/tests-libressl-compat.patch
./testing/x11vnc/libressl.patch


It isn't just this. Qt 5.10 introduces new dependency on OpenSSL 1.1
APIs for improved security, and LibreSSL does not implement those APIs
at all.

Also, as mentioned in my other email, one pain point is something like
mailman or taiga, which require Python Cryptography package version 1.7.
 This version requires OpenSSL APIs that LibreSSL removed. That'd be
fine, since it could be built against OpenSSL instead, however!
libressl-dev and openssl-dev conflict, and python-dev installs
libressl-dev because Python is built against LibreSSL. That means you
can't actually build OpenSSL-requiring Python packages at all.

I'd imagine similar issues would be had with Ruby, Perl, Node, and all
the rest. Certainly any Qt application that needs OpenSSL APIs (like
Kleopatra, KDE's key management utility) won't be buildable as well.

This is a maintanence burden that prevents the Alpine community from
focusing on important issues. What is better: "making a stand" for
LibreSSL (which does not even care about Linux or ABI compatibility), or
investing that time and effort into our correct license field project?
Or porting more software to musl, improving the quality of more
codebases and the entire open source ecosystem? Or porting Alpine to
other architectures like better ARM support and MIPS support?


Best,
--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
http://adelielinux.org




---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu Feb 08 2018 - 12:19:22 GMT