X-Original-To: alpine-devel@lists.alpinelinux.org Received: from mail-qt0-f193.google.com (mail-qt0-f193.google.com [209.85.216.193]) by lists.alpinelinux.org (Postfix) with ESMTP id 9AF355C5DE1 for ; Sat, 10 Feb 2018 14:24:57 +0000 (GMT) Received: by mail-qt0-f193.google.com with SMTP id g14so14065748qti.2 for ; Sat, 10 Feb 2018 06:24:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dereferenced-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gWP2hu0QI/sQjOfwb7p7oU8yy4TL9SyFn4Fl33hFDlI=; b=UyM2sbw/pd4vsLPTZTMydd5MxlhMaLX3J/va5GDkBXKMNg658KxgnkzT5rt3TxBiyq UwHmBAnbKFGcZ2XLX22Z70T0LjV/CdjwI2hbvUjmDXMbCnJxpxX4hGAu6xZyHTNunCZT /NYpjN0MD7RbY/RPeDtNCRLTgV4uYmZyIrC3oTJkvZz19x+OQ6+OHvhXhZXlaYAwstuQ HPJiOMazSZUrbGaPjC/Bbt1tRjZWBetnGnYOxaPs/xssUOMXCb6P2xrkhuMDGfRnz+vL +p42W6NSEkh60COiD+ETf3XOsXP9Gh4syrahyGhg2RW2V3OMiQrho7Mi40+czl/XzFC0 zdtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gWP2hu0QI/sQjOfwb7p7oU8yy4TL9SyFn4Fl33hFDlI=; b=XALEI7UO0HVXhVlvCFC7Omq60lVYn2q6JDOoGKrKhLohwAeEgLcsK1xaeDz9TmtYgS +PeLa406jRWA9OqDm9D254JTRkeNKaHB6ansNxe8q4VYZBiCcj9UP8jincgZDmD0tjBP vaW9SQAyBxpTn1HMjZkU3T+s2j9sPPBvbTpPQBJ5sbV0/6qNrFW6f8LclwAoOCH8gjTq RV8c24nP9wCj+0P6lqFuU+hOkX/81c7yIb2j+320nw+Jbj6NyM6e/WBNNGNpNWE8+wRL J3wXA+dYXtapdxYGaSDq9QrOHY+kuOCLt1I7wEN+RzvlJU+CGIV8MxufU9kNY5cno7b+ 9yoA== X-Gm-Message-State: APf1xPB0TgRik8k9oq+RDHc3M0y5dPLwjHYStLhfm3tpfiFwYBO7nTFg 9QE3Yx4/mb16sVnwKHNYhsXPQpsP8khBhvPoRiPxB6/7 X-Google-Smtp-Source: AH8x227lzUKHleFjK4fyM7KuaT3xLGo8H0f2ca9p7Q+4c9joqKQby4iE9K6NJi6XvVTQ/1uoGOqGXRDVssvSdfTYmIE= X-Received: by 10.200.58.39 with SMTP id w36mr10193903qte.76.1518272697183; Sat, 10 Feb 2018 06:24:57 -0800 (PST) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Received: by 10.200.39.100 with HTTP; Sat, 10 Feb 2018 06:24:56 -0800 (PST) In-Reply-To: <20180210140107.0a5a4af9@mechanicum.chadwicks.me.uk> References: <20180209211237.19ab8fda@ncopa-macbook.copa.dup.pw> <20180210113628.0b5fa8a4@mechanicum.chadwicks.me.uk> <20180210140107.0a5a4af9@mechanicum.chadwicks.me.uk> From: William Pitcock Date: Sat, 10 Feb 2018 08:24:56 -0600 Message-ID: Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl implementation To: Kevin Chadwick Cc: alpine-dev Content-Type: text/plain; charset="UTF-8" Hello, On Sat, Feb 10, 2018 at 8:01 AM, Kevin Chadwick wrote: > On Sat, 10 Feb 2018 07:40:28 -0600 > > >> > https://marc.info/?l=openbsd-misc&m=151826186428121&w=2 >> > >> > I use long long/uint64_t on my embedded development and don't build >> > for linux so personally I don't understand especially with >> >> This mailing list is for the discussion of Alpine Linux, not OpenBSD. >> It appears you do not use Alpine nor develop Alpine, so why exactly >> are you here? > > That link talks about TAI64N not being in the standards which you > raised as an issue for alpine? I did not say that TAI64N is part of the TLS standard, I said that it was a portable way to hold a date that ensures Y2038 safety. I said that OpenSSL uses TAI64N-like date calculations to ensure Y2038 safety, which it does. I also said that OpenBSD uses a 64-bit time_t to ensure Y2038 safety on OpenBSD, which it does. I also said that Alpine uses a 32-bit time_t on 32-bit systems, which is not Y2038 safe, which it does. Natanael pointed out a workaround that LibreSSL did, that tests the 32-bit time_t for overflow and then accepts the certificate as valid if it did, which is still not Y2038 safe, still completely missing the point, still dodgy, and arguably an actual security vulnerability. In other words, it got WORSE, not BETTER. At no time did I say that LibreSSL was unsafe on OpenBSD 32-bit, in fact, I explicitly said "OpenBSD uses a 64-bit time_t which is good enough." > I was trying to help. > > I dabbled with Alpine for a few use cases and really like it. I have > respect for Natanael and recommend alpine where OpenBSD does not suit > which isn't many cases. I am also subscribed to hardened Gentoo out of > interest. > >> For anyone else wanting to killfile this troll, note he also posts >> from a yahoo.co.uk domain. > > I regret saying you may have an agenda and apologise for it looking > back if that is what you mean by trolling. My only agenda is to make sure that programs stuck with the dumpster fire known as OpenSSL have an implementation that works CORRECTLY and SAFELY for the people using it on 32-bit systems. It certainly is not to promote the use of OpenSSL, if you got that idea, you have a serious misunderstanding on my position regarding both LibreSSL and OpenSSL: they're both garbage, and programs should use neither. > On reflection your original email was mainly vexing for the "proper" and as I feel I have > demonstrated (by standing on peers shoulders), largely incorrect. You have demonstrated nothing. Instead, you cross-post my mail, and that of several other people, out of context, to openbsd-misc and therefore invite a bunch of people to troll privately. > I have no trolling intentions and have not used yahoo for many years? If this is not about trolling, then Iran-Contra wasn't about weapons for hostages. Killfiled for real this time. William --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---