X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29])
by lists.alpinelinux.org (Postfix) with ESMTP id D27475C4E9D
for <alpine-devel@lists.alpinelinux.org>; Thu, 15 Feb 2018 10:39:16 +0000 (GMT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42])
by mailout.nyi.internal (Postfix) with ESMTP id 778F620DC7
for <alpine-devel@lists.alpinelinux.org>; Thu, 15 Feb 2018 05:39:16 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
by compute2.internal (MEProxy); Thu, 15 Feb 2018 05:39:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ftml.net; h=
content-type:date:from:in-reply-to:message-id:mime-version
:references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
fm2; bh=zLbjTyJmPVS996PiETwKvOWDk2xHj6NN5rq4BGp4tsc=; b=dpN2Q695
N6XMwolBX4/DZ54216AYKwuSr0UYcAZg0cS5GBDZoU55vV/477kbyYy1tfeU3SVv
al2stgd0mTy1oGjOOmLJuoQ072D+ULabt5U1eTa3ICxBUSPuT7r7ZfkTZ/cB8dmV
w2YSBVw9LBcjkerS8a4caWnJ25x/cTxf95283FkaS6dbCfuInsQKOfEiX+FobU8w
N7kyf+CWpsZtXpcTYHarkMFNok6NCQBsXXEsRn12FZmG/AMtesL5/NDHTiTNdlMb
SJX5632ScbVPs4gieZlnURLz4NVjarruPp4hhyt/DZ+cAoj8TcuZpZXnCIVvhDyE
YYfV+BtKVqGjfg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-type:date:from:in-reply-to
:message-id:mime-version:references:subject:to:x-me-sender
:x-me-sender:x-sasl-enc; s=fm2; bh=zLbjTyJmPVS996PiETwKvOWDk2xHj
6NN5rq4BGp4tsc=; b=VAklO1A+84833GjLU4IqyYOdnyyFOfBZ9UKQHlY2no2V4
EWHZgApMxtI5It6Klqo3KQ3MJEndpn0hWNh9arH2wHrlNdxKfosw2cwI/mMTlBD4
Iy8QVR1O2cUT78+QvrbbbQN4sb0KWo2nfWPGeOIgENL4IGeqPaQLsIDChBpM32Lh
afXpN7mx44nESU3VblLwURZYDQ0sCj0lWfxK+7wt0mhaAA+nsSvMSfjRPMf62N7F
Md+EnSISUCy0NS4NIzDWSW9UrZsmnBY2GWfiOhwGM2JyQXTIIz/U2NHxMav3GGEJ
SMiXtxqIJL9F3DFabW/5kBgZ2OzvkLhFyhZ6j4j/w==
X-ME-Sender: <xms:VGOFWrwiawWXCG9PwC1EU34rukqOgt-I72Z2nCx48dxkjOTIQog4HQ>
Received: from terrence (unknown [193.160.158.5])
by mail.messagingengine.com (Postfix) with ESMTPA id D2C5D7E4AA
for <alpine-devel@lists.alpinelinux.org>; Thu, 15 Feb 2018 05:39:15 -0500 (EST)
Date: Thu, 15 Feb 2018 13:39:14 +0300
From: Consus <consus@ftml.net>
To: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system
openssl implementation
Message-ID: <20180215103913.GB30146@terrence>
References: <CA+T2pCGFeh30aEi43hAvJ3yoHBijABy_U62wfjhVmf3FmbNUUg@mail.gmail.com>
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe:
<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe:
<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+T2pCGFeh30aEi43hAvJ3yoHBijABy_U62wfjhVmf3FmbNUUg@mail.gmail.com>
On 11:23 Thu 08 Feb, William Pitcock wrote:
> Hello,
>
> To start off, I would like to say that when we first switched to
> libressl, it was largely as a reaction to what we perceived as bad
> maintenance being done in openssl. At the time, it was a perfectly
> reasonable and valid reaction.
>
> There were other reasons to care, too: the libressl guys were working
> to relicense as much of libressl as possible under ISC license.
>
> But openssl 1.1 has a different situation: Akamai and the Core
> Infrastructure Initiative have come together to sponsor development
> and maintenance of openssl since we switched, which means that there's
> higher quality maintenance occuring now. They are also working on a
> relicensing process, much like the libressl guys are doing, which has
> a larger scope[1]. Meanwhile, the libressl guys have been removing
> functionality we depend on, such as support for hardware accelerators
> (ENGINE apis), switching from 64-bit TAIN date calculations to time_t
> (because time_t is good enough on OpenBSD) and dropping openssl 1.0.1
> APIs they see as unsuitable.
>
> libressl promised to retain compatibility with 1.0.1g APIs, but has
> failed to do so. As such, there is an increasing workload to keep
> packages compatible with libressl as it evolves. Therefore, it is
> obviously not truly a suitable provider for the openssl package, and
> we should switch back to proper openssl as the default. We will
> however retain libressl for packages which require it (for example,
> ones using the new libtls APIs).
>
> If there is no objection to this proposed change, I intend to do the
> swap next week.
Seems like LibreSSL team is starting to support OpenSSL 1.1 API:
commit 3a94b192e7c26a9092dae24d992de50398beaa1a
Author: jsing <jsing@openbsd.org>
Date: Wed Feb 14 16:32:06 2018 +0000
Start providing parts of the OpenSSL 1.1 API.
This will ease the burden on ports and others trying to make software
work with LibreSSL, while avoiding #ifdef mazes. Note that we are not
removing 1.0.1 API or making things opaque, hence software written to
use the older APIs will continue to work, as will software written to
use the 1.1 API (as more functionality become available).
Discussed at length with deraadt@ and others.
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---