X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from mail.wilcox-tech.com (mail.wilcox-tech.com [45.32.83.9])
	by lists.alpinelinux.org (Postfix) with ESMTP id 94F835C4E50
	for <alpine-devel@lists.alpinelinux.org>; Thu,  8 Feb 2018 18:19:14 +0000 (GMT)
Received: (qmail 25851 invoked from network); 8 Feb 2018 18:19:11 -0000
Received: from 107-131-85-28.lightspeed.tulsok.sbcglobal.net (HELO ?192.168.1.237?) (awilcox@wilcox-tech.com@107.131.85.28)
  by mail.wilcox-tech.com with ESMTPA; 8 Feb 2018 18:19:11 -0000
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system
 openssl implementation
To: alpine-devel@lists.alpinelinux.org
References: <CA+T2pCGFeh30aEi43hAvJ3yoHBijABy_U62wfjhVmf3FmbNUUg@mail.gmail.com>
 <20180208180544.3ff19e66@mechanicum.chadwicks.me.uk>
From: "A. Wilcox" <awilfox@adelielinux.org>
Organization: =?UTF-8?Q?Ad=c3=a9lie_Linux?=
Message-ID: <9750d294-4f83-3f20-17a1-2177ad62bfe3@adelielinux.org>
Date: Thu, 8 Feb 2018 12:19:22 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
In-Reply-To: <20180208180544.3ff19e66@mechanicum.chadwicks.me.uk>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="t6wfexb9LvMmcm8xE8K0KrDfiWbHWLnwL"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--t6wfexb9LvMmcm8xE8K0KrDfiWbHWLnwL
Content-Type: multipart/mixed; boundary="BSaIm0WhEVneNn43fH69QeqnUfUVu6OfO";
 protected-headers="v1"
From: "A. Wilcox" <awilfox@adelielinux.org>
To: alpine-devel@lists.alpinelinux.org
Message-ID: <9750d294-4f83-3f20-17a1-2177ad62bfe3@adelielinux.org>
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system
 openssl implementation
References: <CA+T2pCGFeh30aEi43hAvJ3yoHBijABy_U62wfjhVmf3FmbNUUg@mail.gmail.com>
 <20180208180544.3ff19e66@mechanicum.chadwicks.me.uk>
In-Reply-To: <20180208180544.3ff19e66@mechanicum.chadwicks.me.uk>

--BSaIm0WhEVneNn43fH69QeqnUfUVu6OfO
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 02/08/18 12:05, Kevin Chadwick wrote:
> Do you have a list of packages at all?

This is an easy list, it is probably not the entire list:

awilcox on ciall /usr/src/alpine-aports $ find . -name
'*libressl*.patch' | sort
=2E/community/asio/libressl.patch
=2E/community/cargo/openssl-fix-libressl-cmsh-detection.patch
=2E/community/cargo/openssl-libressl263-compat.patch
=2E/community/erlang/0011-fix-libressl-build.patch
=2E/community/freerdp/libressl-2.5.patch
=2E/community/gsoap/libressl.patch
=2E/community/heirloom-mailx/libressl.patch
=2E/community/isync/libressl-compat.patch
=2E/community/john/libressl.patch
=2E/community/mongodb-tools/libressl.patch
=2E/community/pgbouncer/libressl-2.5.patch
=2E/community/qt5-qtbase/libressl-compat.patch
=2E/community/retawq/libressl.patch
=2E/community/rethinkdb/libressl-all.patch
=2E/community/stunnel/stunnel-libressl.patch
=2E/community/xchat/libressl.patch
=2E/community/yadifa/libressl-compat.patch
=2E/main/boost/libressl.patch
=2E/main/elinks/libressl-2.5.patch
=2E/main/fetchmail/libressl.patch
=2E/main/freeswitch/sofia-sip-libressl.patch
=2E/main/haproxy/fix-libressl-2.5.patch
=2E/main/hexchat/libressl.patch
=2E/main/hostapd/libressl-compat.patch
=2E/main/krb5/libressl.patch
=2E/main/ldns/1.6.17-libressl.patch
=2E/main/libevent/libressl.patch
=2E/main/libgit2/libressl.patch
=2E/main/lua-cqueues/libressl-2.5.patch
=2E/main/mosquitto/libressl.patch
=2E/main/neon/fix-libressl.patch
=2E/main/open-isns/libressl.patch
=2E/main/openldap/libressl.patch
=2E/main/opensmtpd/libressl-compat.patch
=2E/main/openvswitch/libressl-compat.patch
=2E/main/opusfile/libressl.patch
=2E/main/partimage/libressl.patch
=2E/main/perl-crypt-ssleay/libressl.patch
=2E/main/postfix/libressl.patch
=2E/main/python3/libressl.patch
=2E/main/qt/qtcore-4.8.5-libressl.patch
=2E/main/serf/libressl.patch
=2E/main/spice-gtk/libressl.patch
=2E/main/spice/libressl.patch
=2E/main/strongswan/libressl.patch
=2E/main/tlsdate/libressl-no-sslv3.patch
=2E/main/tlsdate/libressl-sslstate.patch
=2E/main/transmission/libressl.patch
=2E/main/wpa_supplicant/libressl.patch
=2E/main/xrdp/libressl-support.patch
=2E/testing/bobcat/libressl-compatibility.patch
=2E/testing/ejabberd/libressl.patch
=2E/testing/imapfilter/libressl.patch
=2E/testing/libimobiledevice/01-libressl.patch
=2E/testing/litespeed/libressl.patch
=2E/testing/megatools/libressl.patch
=2E/testing/openconnect/openconnect-7.08-libressl251.patch
=2E/testing/prayer/libressl.patch
=2E/testing/proftpd/libressl.patch
=2E/testing/tarantool/tests-libressl-compat.patch
=2E/testing/x11vnc/libressl.patch


It isn't just this.  Qt 5.10 introduces new dependency on OpenSSL 1.1
APIs for improved security, and LibreSSL does not implement those APIs
at all.

Also, as mentioned in my other email, one pain point is something like
mailman or taiga, which require Python Cryptography package version 1.7.
 This version requires OpenSSL APIs that LibreSSL removed.  That'd be
fine, since it could be built against OpenSSL instead, however!
libressl-dev and openssl-dev conflict, and python-dev installs
libressl-dev because Python is built against LibreSSL.  That means you
can't actually build OpenSSL-requiring Python packages at all.

I'd imagine similar issues would be had with Ruby, Perl, Node, and all
the rest.  Certainly any Qt application that needs OpenSSL APIs (like
Kleopatra, KDE's key management utility) won't be buildable as well.

This is a maintanence burden that prevents the Alpine community from
focusing on important issues.  What is better: "making a stand" for
LibreSSL (which does not even care about Linux or ABI compatibility), or
investing that time and effort into our correct license field project?
Or porting more software to musl, improving the quality of more
codebases and the entire open source ecosystem?  Or porting Alpine to
other architectures like better ARM support and MIPS support?


Best,
--arw

--=20
A. Wilcox (awilfox)
Project Lead, Ad=C3=A9lie Linux
http://adelielinux.org


--BSaIm0WhEVneNn43fH69QeqnUfUVu6OfO--

--t6wfexb9LvMmcm8xE8K0KrDfiWbHWLnwL
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJMBAEBCAA2FiEEjNyWOYPU1SaTSMHHyynLUZIrnRQFAlp8lKoYHGF3aWxmb3hA
YWRlbGllbGludXgub3JnAAoJEMspy1GSK50Ur2oP/iKKEM4Ud3v6Wlup5eW6qAKg
IecYa6AsbbguknBMOZfWdUIzxT6tzZ9qqi004VY2BEeryEJdBclmaSeYAFfhnF/c
J9+y1wVdw3M/3GEW48UsDy0gzdvcctd0OQF4u48E9/1C7lXjWW5mwfP3c+IYeRZo
GTn4s3MxpSZRldtnFNA/n8OCcgez0wAmsjiIsrecnihvWXE8Un1eLFi01PGth1gh
Pk98ub2NExtlttTVrKyiJ39q8IvjKw03vIwlscvCslasReRaG5/sAAlQf7OI7MIH
n3i3liHbhfpPTLH/PGA6Qg/6/TijqU5SkU1QIN+rACgcgZTky7El+T6VXS7ifxku
zdwd6HIDDnHnr2/niHoRs/XwJvhqBvRnarXMKZzzRvwYU4c/eQ6vbdo4rykbzigj
4RAgq5XxK9aDkTmXnf86H73pvYCjiN9NOfgU5mpkuZEkW+vWL5ej5gc/XkjBTPm3
uOK8DaMh78Yz8owexcKjRJ8eB2zUkE/AG1H1oz1ScM+HxSl81clvk2dSiFwNt8SU
oTC9EFT8o0FieNR+4xVkOZgShm/bL/qB55F2RULgMXbG4jIYGKtEO/Ahiq9eNm9f
7cJsMa1Dp73nkW61QsPUlRXvqsJNTJgf5dOHyNuAJdF0vsLIYOe+5xW4UEKo75lf
tgsN/DXB8rA5qCRd+wMF
=Bnr/
-----END PGP SIGNATURE-----

--t6wfexb9LvMmcm8xE8K0KrDfiWbHWLnwL--


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---