X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-qk0-f181.google.com (mail-qk0-f181.google.com [209.85.220.181]) by lists.alpinelinux.org (Postfix) with ESMTP id 4B93C5C371B for ; Thu, 8 Feb 2018 17:23:28 +0000 (GMT) Received: by mail-qk0-f181.google.com with SMTP id n188so6579898qkn.11 for ; Thu, 08 Feb 2018 09:23:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dereferenced-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=gDQAkmPxJUDU0shcnwAgjnzDUJ3SsC9wOhaIPLNb2GQ=; b=mCRTbHKBknecZmq2b+tX2AzRcyX/NtibWVbN0PpxnXAQk31yFWluYekTRfVhtmyTxR pywOlzdmiDEY+HbSEPhd8FYtPFx8jACaozGTJ+HgJBcnjIko01r3MupW2K5CPIOEcKgM JUpzuNMxMIE0AGmh32BxUQcf1+0JQ7dIc0sI7+0yOl8gCgukg+HQofgjmucfU8wIDJZj PWEAnFnYyhJDfIR+WXN4juPoip8ylfGmUSc8dusHMCOe8OUXQuDCt7DtXdfnTrwrgy17 PCXadLFd3IF1lWLPNSsNFcU2suBzFc08lp+9R+wCCFU7WV4HaDwiYc0HO6yF7+SxG2Ea krhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=gDQAkmPxJUDU0shcnwAgjnzDUJ3SsC9wOhaIPLNb2GQ=; b=XTLB/FwV8OMwicRO/sTzSr/d8VW8f/IAfVxGl2QcHO6aTudiH7Jhldw6Pt0rADwLWu G+5urNVWe5/GM3PQPcNDVfELPwp2pbhXQs8Z8LZlc6b3/Q9gUCWY9a9oq4TWT8TT9sPX GHHu/E9rD02YS+2IkHikYcejxbQFUnIX/KJhogRln9c4ZeQKlb/6qHB5p/xi/1k2pesA 4xmhEZbIXyPmQRUgaYYR/nAz6U6C9hf5gwhQL06Lc8p/rZa+tUuCU7VR8a3BiTK+X8To 78Cx/mPnwjxg1a+OABEoyMrmNfss9sGTKGU7+mCYmDU6ilP42ooBwj5kpYrOykQLrPqe RRMw== X-Gm-Message-State: APf1xPC+QKboXh84lLLCsFxmkYGRwd4Q3e6X+dy9fZ6wIwrfH5UYoJ+k PMV5uyGIGDz+V5D3//k5emoHfoh3rLs1BZEyyC3xmWtx X-Google-Smtp-Source: AH8x227eW8fmWowsTerr5Twq4hxkkGCnd7OMo06xX2F2xWaacQzXJoGKmxFY/FdH3SfJywFZz8pvNHBD9ztUUvy7Ddg= X-Received: by 10.55.44.4 with SMTP id s4mr2059624qkh.68.1518110607451; Thu, 08 Feb 2018 09:23:27 -0800 (PST) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.200.39.100 with HTTP; Thu, 8 Feb 2018 09:23:26 -0800 (PST) From: William Pitcock Date: Thu, 8 Feb 2018 11:23:26 -0600 Message-ID: Subject: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation To: alpine-dev Content-Type: text/plain; charset="UTF-8" Hello, To start off, I would like to say that when we first switched to libressl, it was largely as a reaction to what we perceived as bad maintenance being done in openssl. At the time, it was a perfectly reasonable and valid reaction. There were other reasons to care, too: the libressl guys were working to relicense as much of libressl as possible under ISC license. But openssl 1.1 has a different situation: Akamai and the Core Infrastructure Initiative have come together to sponsor development and maintenance of openssl since we switched, which means that there's higher quality maintenance occuring now. They are also working on a relicensing process, much like the libressl guys are doing, which has a larger scope[1]. Meanwhile, the libressl guys have been removing functionality we depend on, such as support for hardware accelerators (ENGINE apis), switching from 64-bit TAIN date calculations to time_t (because time_t is good enough on OpenBSD) and dropping openssl 1.0.1 APIs they see as unsuitable. libressl promised to retain compatibility with 1.0.1g APIs, but has failed to do so. As such, there is an increasing workload to keep packages compatible with libressl as it evolves. Therefore, it is obviously not truly a suitable provider for the openssl package, and we should switch back to proper openssl as the default. We will however retain libressl for packages which require it (for example, ones using the new libtls APIs). If there is no objection to this proposed change, I intend to do the swap next week. [1]: https://license.openssl.org/ --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---