From: "A. Wilcox"
To: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation
Date: Thu, 8 Feb 2018 12:19:22 -0600

On 02/08/18 12:05, Kevin Chadwick wrote:
> Do you have a list of packages at all?

This is an easy list, it is probably not the entire list:

awilcox on ciall /usr/src/alpine-aports $ find . -name '*libressl*.patch' | sort
./community/asio/libressl.patch
./community/cargo/openssl-fix-libressl-cmsh-detection.patch
./community/cargo/openssl-libressl263-compat.patch
./community/erlang/0011-fix-libressl-build.patch
./community/freerdp/libressl-2.5.patch
./community/gsoap/libressl.patch
./community/heirloom-mailx/libressl.patch
./community/isync/libressl-compat.patch
./community/john/libressl.patch
./community/mongodb-tools/libressl.patch
./community/pgbouncer/libressl-2.5.patch
./community/qt5-qtbase/libressl-compat.patch
./community/retawq/libressl.patch
./community/rethinkdb/libressl-all.patch
./community/stunnel/stunnel-libressl.patch
./community/xchat/libressl.patch
./community/yadifa/libressl-compat.patch
./main/boost/libressl.patch
./main/elinks/libressl-2.5.patch
./main/fetchmail/libressl.patch
./main/freeswitch/sofia-sip-libressl.patch
./main/haproxy/fix-libressl-2.5.patch
./main/hexchat/libressl.patch
./main/hostapd/libressl-compat.patch
./main/krb5/libressl.patch
./main/ldns/1.6.17-libressl.patch
./main/libevent/libressl.patch
./main/libgit2/libressl.patch
./main/lua-cqueues/libressl-2.5.patch
./main/mosquitto/libressl.patch
./main/neon/fix-libressl.patch
./main/open-isns/libressl.patch
./main/openldap/libressl.patch
./main/opensmtpd/libressl-compat.patch
./main/openvswitch/libressl-compat.patch
./main/opusfile/libressl.patch
./main/partimage/libressl.patch
./main/perl-crypt-ssleay/libressl.patch
./main/postfix/libressl.patch
./main/python3/libressl.patch
./main/qt/qtcore-4.8.5-libressl.patch
./main/serf/libressl.patch
./main/spice-gtk/libressl.patch
./main/spice/libressl.patch
./main/strongswan/libressl.patch
./main/tlsdate/libressl-no-sslv3.patch
./main/tlsdate/libressl-sslstate.patch
./main/transmission/libressl.patch
./main/wpa_supplicant/libressl.patch
./main/xrdp/libressl-support.patch
./testing/bobcat/libressl-compatibility.patch
./testing/ejabberd/libressl.patch
./testing/imapfilter/libressl.patch
./testing/libimobiledevice/01-libressl.patch
./testing/litespeed/libressl.patch
./testing/megatools/libressl.patch
./testing/openconnect/openconnect-7.08-libressl251.patch
./testing/prayer/libressl.patch
./testing/proftpd/libressl.patch
./testing/tarantool/tests-libressl-compat.patch
./testing/x11vnc/libressl.patch

It isn't just this. Qt 5.10 introduces a new dependency on OpenSSL 1.1 APIs for improved security, and LibreSSL does not implement those APIs at all.

Also, as mentioned in my other email, one pain point is something like mailman or taiga, which require Python Cryptography package version 1.7. This version requires OpenSSL APIs that LibreSSL removed. That'd be fine, since it could be built against OpenSSL instead, however! libressl-dev and openssl-dev conflict, and python-dev installs libressl-dev because Python is built against LibreSSL. That means you can't actually build OpenSSL-requiring Python packages at all.

I'd imagine similar issues would be had with Ruby, Perl, Node, and all the rest. Certainly any Qt application that needs OpenSSL APIs (like Kleopatra, KDE's key management utility) won't be buildable as well.

This is a maintenance burden that prevents the Alpine community from focusing on important issues. What is better: "making a stand" for LibreSSL (which does not even care about Linux or ABI compatibility), or investing that time and effort into our correct license field project? Or porting more software to musl, improving the quality of more codebases and the entire open source ecosystem? Or porting Alpine to other architectures like better ARM support and MIPS support?

Best,
--arw

--
A. Wilcox (awilfox)
Project Lead, Adélie Linux
http://adelielinux.org
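
An added example, not part of the original message: the message notes that a file-name search probably misses some packages, so this sketch also matches patches by content and summarises the result per repository. It assumes the repo/package/patch layout visible in the find output above and treats a mention of LIBRESSL_VERSION_NUMBER (the version macro LibreSSL defines) as the content marker; the sample tree and the constructed-* package names are made up.

```shell
#!/bin/sh
# Added example, not from the original message.

# Print "repo/package" for each package in aports tree $1 that carries a
# LibreSSL-related patch, matched by patch file name or by patch content.
libressl_patched_packages() {
    (
        cd "$1" || exit 1
        # 1. The check from the message: patches named after LibreSSL.
        find . -type f -name '*libressl*.patch'
        # 2. Assumption: a patch under any other name counts if it mentions
        #    LIBRESSL_VERSION_NUMBER, the macro LibreSSL's opensslv.h defines.
        find . -type f -name '*.patch' \
            -exec grep -l 'LIBRESSL_VERSION_NUMBER' {} +
    ) | cut -d/ -f2,3 | sort -u
}

# Print "repo=count" for each repository (community, main, testing).
libressl_patch_counts() {
    libressl_patched_packages "$1" | cut -d/ -f1 | uniq -c |
        awk '{ print $2 "=" $1 }'
}

# Build a small constructed tree (constructed-* packages are made up) and
# print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/main/krb5" "$t/main/constructed-a" "$t/main/constructed-b" \
        "$t/community/asio" "$t/testing/constructed-c"
    echo '+/* compat */' > "$t/main/krb5/libressl.patch"
    echo '+#ifdef LIBRESSL_VERSION_NUMBER' > "$t/main/constructed-a/fix-build.patch"
    echo '+int unrelated;' > "$t/main/constructed-b/musl.patch"
    echo '+/* compat */' > "$t/community/asio/libressl.patch"
    echo '+#ifdef LIBRESSL_VERSION_NUMBER' > "$t/testing/constructed-c/libressl.patch"
    echo "$t"
}

tree=$(make_sample_tree)
libressl_patched_packages "$tree"
libressl_patch_counts "$tree"
rm -rf "$tree"
```

Pointing either function at a real aports checkout instead of the sample tree gives the per-package list and per-repository totals for that tree.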