From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C7D271382C5 for ; Tue, 29 Dec 2020 09:13:29 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DC9D92BC010; Tue, 29 Dec 2020 09:13:23 +0000 (UTC) Received: from b2062.mx.srv.dfn.de (b2062.mx.srv.dfn.de [194.95.234.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2A92EE09B8 for ; Tue, 29 Dec 2020 09:13:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by b2062.mx.srv.dfn.de (Postfix) with ESMTP id 9351F1600AC for ; Tue, 29 Dec 2020 10:13:19 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mdc-berlin.de; h= in-reply-to:content-transfer-encoding:content-disposition :content-type:content-type:mime-version:references:message-id :subject:subject:from:from:date:date:received:received:received; s=mdc; t=1609233199; x=1611047600; bh=q2sDe/mZRKqvBZYjvlw89JNCg h1J2v2K02G5cvthICg=; b=a7Yi4oAWWu4tdZch5nejiLFnsCnXbIhelM57j0h6S +XMc1aqp7dTXTPVysGSvXsVGlJBQENqmyL1mZOHneAwIN+5WlnOByrNTmbPI9eT8 m51Scx54EhdXEWZEMNACibF7qsH2+zGCkzz1uR86aq2hv3u0yhCfkJeP/PMkWDJd 2Y= Received: from b2062.mx.srv.dfn.de ([127.0.0.1]) by localhost (mgw4-tub.srv.dfn.de [127.0.0.1]) (amavisd-new, port 20134) with ESMTP id A7ugWvNePPWL for ; Tue, 29 Dec 2020 10:13:19 +0100 (CET) Received: from SW-IT-P-EX3.mdc-berlin.net (mgw3.mdc-berlin.de [141.80.113.61]) by b2062.mx.srv.dfn.de (Postfix) with ESMTPS for ; Tue, 29 Dec 2020 10:13:19 +0100 (CET) Received: from pheidippides (149.224.169.149) by SW-IT-P-EX3.mdc-berlin.net (141.80.113.61) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 29 Dec 2020 10:13:18 +0100 Date: Tue, 29 Dec 2020 10:13:16 +0100 From: Marcel Schilling To: Subject: Re: [gentoo-dev] [RFC] Discontinuing LibreSSL support? Message-ID: <20201229091316.g3ny4x4faqpfpsk7@pheidippides> References: <20201228220054.19436.qmail@stuge.se> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Originating-IP: [149.224.169.149] X-ClientProxiedBy: SW-IT-P-EX1.mdc-berlin.net (141.80.113.54) To SW-IT-P-EX3.mdc-berlin.net (141.80.113.61) X-TM-AS-Product-Ver: SMEX-14.0.0.3080-8.6.1012-25878.006 X-TM-AS-Result: No-10--16.509700-8.000000 X-TMASE-MatchedRID: WMT2WRIkHPNlpmlM1IvJ9vZvT2zYoYOwC/ExpXrHizxmtB6IcG/WCKSx VUPqsOdUbvZ/5h45KfIaZau5erKKpogq3EZzQ3Sp9FQh3flUIh4zTATDGmcD/i99T+uJIleRLVy Jq2JJDMNTUj859R1iyKuLA9UMu5EHW/OF0jTZNZjWKVDgooDCt8uCYrT3WeZNRbY7SM9dI+X5ih 3vHFgxg+8+tYH+bsNfn8jpZX/edY1thJ7IXRIqNpzEHTUOuMX3C//1TMV5chNWtjflsIhD8DIhu acey5OcsEiCT5Iv8r7YEfgHBZ2DHSDqOUJBjnQyHcQQBuf4ZFsz5Bg5ZL1ch0SbbPTiMagT2Shy VhtSGxC58Ekbt0Wd7M3ejNbziNiUotcND2Gb6hRswYo64ufkVfaFQCjAYqKnVDAhOohDVfb/NKR ivtzqoOjSGf37erKA7VyMTWSZBhGjxYyRBa/qJUl4W8WVUOR/9xS3mVzWUuBk431H65J9AA== X-TM-AS-User-Approved-Sender: Yes X-TM-AS-User-Blocked-Sender: No X-TMASE-Result: 10--16.509700-8.000000 X-TMASE-Version: SMEX-14.0.0.3080-8.6.1012-25878.006 X-TM-SNTS-SMTP: 60B535EEC1FE23BC4DDD2CBB125E439174A8B98DE6AE8E0A5822BF8BA9AB6C862000:F X-Archives-Salt: 867ca911-6945-42ea-943f-ee957e7edacb X-Archives-Hash: 12833fdf1b28d36f3eb699dab807073e On Mon, Dec 28, 2020 at 11:33:36PM +0100, Michał Górny wrote: > On Mon, 2020-12-28 at 22:00 +0000, Peter Stuge wrote: > > Michał Górny wrote: > > > LibreSSL users, does LibreSSL today have any benefit over OpenSSL? > > > > Yes, at least two: > > > > A. It is a distinct implementation with probably /quite some/ stable > > compatibility, meaning that it will work perfectly fine as an > > alternative in many cases. > > Except that it doesn't, as has been proven numerous times. I just want to comment that I switched to LibreSSL on several Gentoo systems years ago and never had any major issues. I run both desktop and server systems with LibreSSL, based on X and Wayland. The only issues I ran into is a slight lag of the overlay behind the main tree so once in a while I had to mask a new version of some package for a week or so. So from a pure user perspective, thing change would mean a risky update to systems running stable for years with no gain whatsoever. So even if LibreSSL does not provide any advantage over OpenSSL (anymore), dropping support would do harm. That said, I do understand maintainer burden and I will probably be fine with such a change. But I have to say that over the last ten years, Gentoo does feel a lot less focussed on choice than it used to and I am counting the days until is deemed 'unpractical' to support legacy boot, non-systemd init or 'exotic' arches. ;-) Best, Marcel