Precedence: list
MIME-Version: 1.0
References: <20181011171746.4c01f758@ncopa-desktop.copa.dup.pw>
In-Reply-To: <20181011171746.4c01f758@ncopa-desktop.copa.dup.pw>
From: =?UTF-8?Q?Timo_Ter=C3=A4s?= <timo.teras@gmail.com>
Date: Thu, 11 Oct 2018 18:55:54 +0300
Message-ID: <CABTJ_OePvtRFbwZTJAUk2vzNc5wjb9EMatO=hA4ztYKB7m9ouw@mail.gmail.com>
Subject: Re: [alpine-devel] Switching back to OpenSSL
To: Natanael Copa <ncopa@alpinelinux.org>
Cc: Alpine Development <alpine-devel@lists.alpinelinux.org>
Content-Type: multipart/alternative; boundary="0000000000002184990577f60284"

--0000000000002184990577f60284
Content-Type: text/plain; charset="UTF-8"

+1 for openssl

Libressl removed things we need. Like engine support.

On Thu, 11 Oct 2018, 18.54 Natanael Copa, <ncopa@alpinelinux.org> wrote:

> Hi,
>
> Are there any good reasons to not switch back to OpenSSL for v3.9?
>
> Some reasons why I think we should switch back to OpenSSL:
> - better upstream support from projects
> - To my understanding, various of the issues in OpenSSL that made us
>   switch to libressl have been resolved. (for example memory management)
> - libressl failed to retain compability with OpenSSL
> - libressl breaks ABI every 6 months, OpenSSL does not
> - FIPS support
>
> Some reasons to why we may continue with libressl may be:
> - its smaller
> - has fewer CVEs (due to their approach to remove stuff)
> - libtls
>
> Previous thread on the issue:
> http://lists.alpinelinux.org/alpine-devel/6073.html
>
>
> -nc
>
>
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
>
>

--0000000000002184990577f60284
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">+1 for openssl<div dir=3D"auto"><br></div><div dir=3D"aut=
o">Libressl removed things we need. Like engine support.</div></div><br><di=
v class=3D"gmail_quote"><div dir=3D"ltr">On Thu, 11 Oct 2018, 18.54 Natanae=
l Copa, &lt;<a href=3D"mailto:ncopa@alpinelinux.org">ncopa@alpinelinux.org<=
/a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0=
 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Are there any good reasons to not switch back to OpenSSL for v3.9?<br>
<br>
Some reasons why I think we should switch back to OpenSSL:<br>
- better upstream support from projects<br>
- To my understanding, various of the issues in OpenSSL that made us<br>
=C2=A0 switch to libressl have been resolved. (for example memory managemen=
t)<br>
- libressl failed to retain compability with OpenSSL<br>
- libressl breaks ABI every 6 months, OpenSSL does not<br>
- FIPS support<br>
<br>
Some reasons to why we may continue with libressl may be:<br>
- its smaller<br>
- has fewer CVEs (due to their approach to remove stuff)<br>
- libtls<br>
<br>
Previous thread on the issue:<br>
<a href=3D"http://lists.alpinelinux.org/alpine-devel/6073.html" rel=3D"nore=
ferrer noreferrer" target=3D"_blank">http://lists.alpinelinux.org/alpine-de=
vel/6073.html</a><br>
<br>
<br>
-nc<br>
<br>
<br>
---<br>
Unsubscribe:=C2=A0 <a href=3D"mailto:alpine-devel%2Bunsubscribe@lists.alpin=
elinux.org" target=3D"_blank" rel=3D"noreferrer">alpine-devel+unsubscribe@l=
ists.alpinelinux.org</a><br>
Help:=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a href=3D"mailto:alpine-devel%2Bhel=
p@lists.alpinelinux.org" target=3D"_blank" rel=3D"noreferrer">alpine-devel+=
help@lists.alpinelinux.org</a><br>
---<br>
<br>
</blockquote></div>

--0000000000002184990577f60284--


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---