X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from mail-vs1-f43.google.com (mail-vs1-f43.google.com [209.85.217.43])
	by lists.alpinelinux.org (Postfix) with ESMTP id 93DA55C61E5
	for <alpine-devel@lists.alpinelinux.org>; Thu, 11 Oct 2018 16:39:26 +0000 (GMT)
Received: by mail-vs1-f43.google.com with SMTP id e206so9182742vsd.0
        for <alpine-devel@lists.alpinelinux.org>; Thu, 11 Oct 2018 09:39:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=2BSfKUE8HFjVPtqwM2Brp7gwE6bRQ6sSqZ+DFt5vLvE=;
        b=JyXyrioPhro0ImDBfYc2GmSzb9kcEwmY2+yQvY5CuXJID0ZgTkjGFIRX28BH5yi/67
         c5Ux0Dsvj1DR/VJItgxB8we1wMYD4oW853Cc4jCYcpGINFOXDVjN5yokobK/5dikTeP6
         Yq8F/iGMzhzhK3pyli8S7BTXccm6ILxFfjyEFE9GahHDyO2dCI8JQ94XdByGGZd/+JgB
         X8T/X4KTnZcfn34oFjx8Rsf1P7FgYt0Vt8l7nCsoN1ZO53JgxYgT2sQ6nk5aC8Y4n7Mo
         Q2pwcILTSDMvJ8A9tjAoEQkgE+x91K6zdplun5u+p03vZTdJbEszerh8v/o/wnS7UN+k
         8rdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=2BSfKUE8HFjVPtqwM2Brp7gwE6bRQ6sSqZ+DFt5vLvE=;
        b=QKMLc890L5203ucEhFQr/23uCyTdI+jiKBCfJhc1tNP0bnzI+gGxveo9CjtSMYTypn
         jSkPw/E9MIkWSVV83E8sDYmUEGxq6w+pzsbqp7YkKEIZiqu63N3SvkIuVaq0/5YtQVmR
         hOnOVDpehOqAnn895z9yXzlHDxB3h9By9xXmcu6BX7HR7IM56sXPI4FQ+LEOA9NNlkAH
         JGASUwGeBNm9kA991baNqcntSBd9zk/2rbfocFduJr4RXpJc4en1zVlgjN4pqLuo9IF0
         z+VapGwGdnnl5fPlEpgMPGLJBR9gpJNF/Yohatagv1KD0Xn5/A+x8nVNAt0YvGmymh+N
         dsyg==
X-Gm-Message-State: ABuFfoi7Vj3dcKYpDrUqWI+AG+/UxyJ+tBV3ROIc4jX7LXwpiDhOSV3C
	mPJNCjRfD3z9zCnzUL/y0CLhioYCQwKsAfkVCRY=
X-Google-Smtp-Source: ACcGV61b8n9b711foyav0LH+PA8ctERqD15EhiuDXkEFfn6LPa/XbwDEEgbFz4Wk+7VH1nE0xiWSnGYp3iI5lFUkHH8=
X-Received: by 2002:a67:584:: with SMTP id 126mr929167vsf.67.1539275965843;
 Thu, 11 Oct 2018 09:39:25 -0700 (PDT)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
References: <20181011171746.4c01f758@ncopa-desktop.copa.dup.pw>
In-Reply-To: <20181011171746.4c01f758@ncopa-desktop.copa.dup.pw>
From: Leonardo Arena <rnalrd@gmail.com>
Date: Thu, 11 Oct 2018 18:39:14 +0200
Message-ID: <CAGG_d8BznmmOsMVTu3z_xY8P8XyF_M64o5-+L6_Lpy+JG+BMrA@mail.gmail.com>
Subject: Re: [alpine-devel] Switching back to OpenSSL
To: Natanael Copa <ncopa@alpinelinux.org>
Cc: Alpine-devel <alpine-devel@lists.alpinelinux.org>
Content-Type: multipart/alternative; boundary="00000000000027cecf0577f69d6d"

--00000000000027cecf0577f69d6d
Content-Type: text/plain; charset="UTF-8"

On Thu, Oct 11, 2018 at 5:17 PM Natanael Copa <ncopa@alpinelinux.org> wrote:

> Hi,
>
> Are there any good reasons to not switch back to OpenSSL for v3.9?
>
> Some reasons why I think we should switch back to OpenSSL:
> - better upstream support from projects
> - To my understanding, various of the issues in OpenSSL that made us
>   switch to libressl have been resolved. (for example memory management)
> - libressl failed to retain compability with OpenSSL
> - libressl breaks ABI every 6 months, OpenSSL does not
> - FIPS support
>
> Some reasons to why we may continue with libressl may be:
> - its smaller
> - has fewer CVEs (due to their approach to remove stuff)
> - libtls
>
> Previous thread on the issue:
> http://lists.alpinelinux.org/alpine-devel/6073.html
>
>
I think that the package maintenance work alone doesn't justify LibreSSL
pros, not to mention that some packages never worked with LibreSSL (not
implying that is due to LibreSSL fault).

+1 to revert.

/eo

--00000000000027cecf0577f69d6d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Thu, Oc=
t 11, 2018 at 5:17 PM Natanael Copa &lt;<a href=3D"mailto:ncopa@alpinelinux=
.org">ncopa@alpinelinux.org</a>&gt; wrote:<br></div><blockquote class=3D"gm=
ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex">Hi,<br>
<br>
Are there any good reasons to not switch back to OpenSSL for v3.9?<br>
<br>
Some reasons why I think we should switch back to OpenSSL:<br>
- better upstream support from projects<br>
- To my understanding, various of the issues in OpenSSL that made us<br>
=C2=A0 switch to libressl have been resolved. (for example memory managemen=
t)<br>
- libressl failed to retain compability with OpenSSL<br>
- libressl breaks ABI every 6 months, OpenSSL does not<br>
- FIPS support<br>
<br>
Some reasons to why we may continue with libressl may be:<br>
- its smaller<br>
- has fewer CVEs (due to their approach to remove stuff)<br>
- libtls<br>
<br>
Previous thread on the issue:<br>
<a href=3D"http://lists.alpinelinux.org/alpine-devel/6073.html" rel=3D"nore=
ferrer" target=3D"_blank">http://lists.alpinelinux.org/alpine-devel/6073.ht=
ml</a><br>
<br></blockquote><div><br></div><div>I think that the package maintenance w=
ork alone doesn&#39;t justify LibreSSL pros, not to mention that some packa=
ges never worked with LibreSSL (not implying that is due to LibreSSL fault)=
.<br></div><div><br></div><div>+1 to revert.</div><div><br></div><div>/eo<b=
r></div></div></div>

--00000000000027cecf0577f69d6d--


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---