From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id B4AD613888F for ; Fri, 30 Oct 2015 23:10:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F29A421C03A; Fri, 30 Oct 2015 23:10:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0C22221C007 for ; Fri, 30 Oct 2015 23:10:26 +0000 (UTC) Received: from pomiot (d202-251.icpnet.pl [109.173.202.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id A495E340C7C; Fri, 30 Oct 2015 23:10:22 +0000 (UTC) Date: Sat, 31 Oct 2015 00:10:07 +0100 From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= To: Rich Freeman Cc: gentoo-dev Subject: Re: [gentoo-dev] ssl vs openssl vs libressl vs gnutls USE flag foo Message-ID: <20151031001007.169166e3.mgorny@gentoo.org> In-Reply-To: References: <56302DC3.4050909@gentoo.org> <20151030185500.6890963d.mgorny@gentoo.org> <5633C686.7070105@gentoo.org> <5633DE12.3020109@gentoo.org> Organization: Gentoo X-Mailer: Claws Mail 3.13.0 (GTK+ 2.24.28; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/AW8KCJpyKT5Qd/I1=nXDE6/"; protocol="application/pgp-signature" X-Archives-Salt: ab03eef3-8969-49b8-809c-cc3931c551da X-Archives-Hash: 3243ee13d98d8010222f71837f0a0255 --Sig_/AW8KCJpyKT5Qd/I1=nXDE6/ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Fri, 30 Oct 2015 18:25:14 -0400 Rich Freeman wrote: > On Fri, Oct 30, 2015 at 5:16 PM, Anthony G. Basile = wrote: > > On 10/30/15 3:35 PM, hasufell wrote: =20 > >> > >> On 10/30/2015 06:55 PM, Micha=C5=82 G=C3=B3rny wrote: =20 > >>> > >>> We have no way of saying 'I prefer polarssl, then gnutls, then > >>> libressl, and never openssl'. =20 > >> > >> I don't think this is something that can be reasonably supported and it > >> sounds awfully automagic. And I don't see how this is possible right > >> now, so I'm not really sure what you expect to get worse. > >> > >> E.g. -gnutls pulling in dev-libs/openssl is not really something you'd > >> expect. If we go for provider USE flags, then things become consistent, > >> explicit and unambiguous. The only problem is our crappy implementation > >> of providers USE flags via REQUIRED_USE. > >> =20 > > I'm not sure what mgorny has in mind, but the problem I see with saying= I > > want just X to be my provider system wide is that some pkgs build with X > > others don't, other pkgs might need a different provider. So it might = make > > sense to order them in terms of preference: X1 > X2 > X3 ... and then w= hen > > emerging a package, the first provider in the preference list that work= s is > > pulled in for that package. =20 >=20 > I think that would be useful in general. It would probably not be > useful in this case, since it was somebody's bright idea to make it > essentially impossible to install two of the options on the same > system (and that wasn't directed at hasufell). Users could of course > still express the preference, but the PM would need to be smart enough > to ignore that preference on 95% of packages that support both options > so that it can take the lower preference on the 5% of packages that > only support the option the user didn't really want. No, that's not *the* problem. LibreSSL vs OpenSSL is actually the *least* problematic one since we intend to support them as 'drop-in-plus-rebuild' replacements. The real problem is those fancy upstreams who believe they're doing everyone a favor by providing the choice between multiple SSL providers. This is what brings the real conflicts here, and this what often loves to break stuff even further by introducing cross-package implementation match requirements... --=20 Best regards, Micha=C5=82 G=C3=B3rny --Sig_/AW8KCJpyKT5Qd/I1=nXDE6/ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJWM/jPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2REJCMDdDQzRGMERBRDA2RUEwQUZFNDFC MDdBMUFFQUVGQjQ0NjRFAAoJELB6GurvtEZOVIAQALUFaGJpvjuBx7h8bCLAMFma 6j6Ug7Bc5aP2H7xiiIsbaHeFkxXismQ56W1Z8qxTUb8yv+ILrWCTOYqv+nlo97YK jAGy7zdlOgpRJgICii67tnzUuvFfDNEIl3K8YesAoKwrUCLrRrYBezY1m0uwPd8C 0UGLq7GpwXwlKLI2lzrkZ2NYvq0Pe/qA+FfbM8QY5Zn9HAefMd8dVepx28Kn7vBF j+rlleD10DiR6PseAbFTKrDcrXFDHVUPfSedK0m1QH40okmj0H8kn4hw1ezcJ1PT wbH/FBRq8yQevqsOgefnjMblWctxLz4R/b0mSBDSw9kAad2o4mqKZfDoP8Lw3zhj djkuYxGmvlXl7o7dCi8eTqrxXIoPoS5Req3ZzmYkuzY4Kv84tMudOMBB5bDnO0+X YZ+tqnClsK0uXFZllSLoIeR9MDlgZyu33hbRNYglMd5kIEiVZAIqgMOUFCe8KiSG DtUhhap7c9FYL7jNz49oHC/UEsrt8CEekV0jeRTeXHVQNUu+sENSl4HsxYcVGl7L i35YWkp9+1T79meNB+SwHknaAv2dhsoHL+viba/4wNNVLoqWncY4qSbm4pTNAcBx u9EVQl91vOpu54HjVwY+SB7H6xuWqlwZmggj4jJWwhvdIKNjjRLMowG5EkyKQHKz tEK1YsnUxeBY24doX4Zj =s//T -----END PGP SIGNATURE----- --Sig_/AW8KCJpyKT5Qd/I1=nXDE6/--