X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from smtp7.tech.numericable.fr (smtp7.tech.numericable.fr [82.216.111.43])
	by lists.alpinelinux.org (Postfix) with ESMTP id B9B795C3A70
	for <alpine-devel@lists.alpinelinux.org>; Thu,  8 Feb 2018 17:53:40 +0000 (GMT)
Received: from skarnet.org (ip-182.net-82-216-21.versailles2.rev.numericable.fr [82.216.21.182])
	by smtp7.tech.numericable.fr (Postfix) with SMTP id A712161638
	for <alpine-devel@lists.alpinelinux.org>; Thu,  8 Feb 2018 18:53:39 +0100 (CET)
Received: (qmail 6953 invoked from network); 8 Feb 2018 18:54:06 +0100
Received: from elzian.internal.skarnet.org. (HELO ?192.168.0.2?) ()
  by sinay.internal.skarnet.org. with SMTP; 8 Feb 2018 18:54:06 +0100
From: "Laurent Bercot" <ska-devel@skarnet.org>
To: alpine-dev <alpine-devel@lists.alpinelinux.org>
Subject: Re: [alpine-devel] Proposed change: openssl 1.1 as default system openssl
 implementation
Date: Thu, 08 Feb 2018 17:53:39 +0000
Message-Id: <em14874651-5834-4fed-88b8-05281e31e369@elzian>
In-Reply-To: <CA+T2pCGFeh30aEi43hAvJ3yoHBijABy_U62wfjhVmf3FmbNUUg@mail.gmail.com>
References: <CA+T2pCGFeh30aEi43hAvJ3yoHBijABy_U62wfjhVmf3FmbNUUg@mail.gmail.com>
Reply-To: "Laurent Bercot" <ska-devel@skarnet.org>
User-Agent: eM_Client/7.1.31849.0
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0
Content-Type: text/plain; format=flowed; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-VR-SPAMSTATE: OK
X-VR-SPAMSCORE: 0
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtfedrudekgdelkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfpfgfogfftkfevteeunffgpdfqfgfvnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkfgjfhhrfgggtgfgsehtqhertddtreejnecuhfhrohhmpedfnfgruhhrvghnthcuuegvrhgtohhtfdcuoehskhgrqdguvghvvghlsehskhgrrhhnvghtrdhorhhgqeenucfrrghrrghmpehmohguvgepshhmthhpohhuthenucevlhhushhtvghrufhiiigvpedt

>But openssl 1.1 has a different situation: Akamai and the Core
>Infrastructure Initiative have come together to sponsor development
>and maintenance of openssl since we switched, which means that there's
>higher quality maintenance occuring now.  They are also working on a
>relicensing process, much like the libressl guys are doing, which has
>a larger scope[1].  Meanwhile, the libressl guys have been removing
>functionality we depend on, such as support for hardware accelerators
>(ENGINE apis), switching from 64-bit TAIN date calculations to time_t
>(because time_t is good enough on OpenBSD) and dropping openssl 1.0.1
>APIs they see as unsuitable.
>
>libressl promised to retain compatibility with 1.0.1g APIs, but has
>failed to do so.

  These arguments sound reasonable, so despite having lobbied for the
switch to libressl at the time, I have no objection to switching back
to openssl now.

--
  Laurent



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---