From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5243B138334 for ; Sat, 9 Jun 2018 08:36:16 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7965EE0905; Sat, 9 Jun 2018 08:36:09 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 11E26E08DA for ; Sat, 9 Jun 2018 08:36:08 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 40889335C75; Sat, 9 Jun 2018 08:36:06 +0000 (UTC) Message-ID: <1528533362.1261.39.camel@gentoo.org> Subject: Re: [gentoo-dev] Current status with openssl-1.1 From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org, base-system@gentoo.org Cc: crypto@gentoo.org Date: Sat, 09 Jun 2018 10:36:02 +0200 In-Reply-To: <20180609102206.131b1117@abudhabi.paradoxon.rec> References: <20180609102206.131b1117@abudhabi.paradoxon.rec> Organization: Gentoo Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.6 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 103e352d-ed53-4743-a756-25c04db3d7e5 X-Archives-Hash: d75318742bad0e25fdbcf1cfd2394f96 W dniu sob, 09.06.2018 o godzinie 10∶22 +0200, użytkownik Lars Wendler napisał: > This and the fact that you can build openssl-1.1 with three different > API versions (0.9.8, 1.0.0 and 1.1.0) makes it exceptionally hard for > openssl consumers to migrate their code to openssl-1.1. Could you elaborate a bit on this? Are those versions controlled entirely at build time? Do they provide some degree of compatibility between different APIs, or are they exclusively 'only this API'? > openssh upstream even raised the idea to simply focus crypto support in > their software on libressl which I personally think is a really bad > move. But coming from the same people (openssh and libressl are both > developed by OpenBSD people), it's no big surprise this idea came up at > some point. Even if that happened, we have projects such as Qt on the other side whose upstreams refuse to support LibreSSL. -- Best regards, Michał Górny