From: "A. Wilcox"
Organization: Adélie Linux
To: alpine-devel@lists.alpinelinux.org
Date: Thu, 8 Feb 2018 12:09:38 -0600
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation

On 02/08/18 11:23, William Pitcock wrote:
> openssl 1.1 has a different situation: Akamai and the Core
> Infrastructure Initiative have come together to sponsor development
> and maintenance of openssl since we switched, which means that there's
> higher quality maintenance occurring now.

This is good to hear, I didn't know about Akamai's involvement.

> They are also working on a
> relicensing process, much like the libressl guys are doing, which has
> a larger scope[1].

That would be a boon; I wish them all the best in their efforts.

> Meanwhile, the libressl guys have been removing
> functionality we depend on, such as support for hardware accelerators
> (ENGINE apis), switching from 64-bit TAIN date calculations to time_t
> (because time_t is good enough on OpenBSD) and dropping openssl 1.0.1
> APIs they see as unsuitable.
>
> libressl promised to retain compatibility with 1.0.1g APIs, but has
> failed to do so. As such, there is an increasing workload to keep
> packages compatible with libressl as it evolves.

These have all caused a number of problems trying to run certain
packages on Alpine. For example, since python -dev requires
libressl-dev, you can't build Python packages that require OpenSSL.
Not to mention the fact that LibreSSL just plain doesn't work on
Adélie's 32-bit PowerPC and x86 ports.

> Therefore, it is
> obviously not truly a suitable provider for the openssl package, and
> we should switch back to proper openssl as the default. We will
> however retain libressl for packages which require it (for example,
> ones using the new libtls APIs).

+1.

> [1]: https://license.openssl.org/

One question I do have is: is there a way to disable the OpenSSL
compatibility in LibreSSL? It would be good for packages that require
LibreSSL (libressl-dev) to be buildable even if openssl-dev is
installed (preventing something like the above Python situation).

Best regards,
--arw

-- 
A. Wilcox (awilfox)
Project Lead, Adélie Linux
http://adelielinux.org