From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 5A1A613877A for ; Sun, 13 Jul 2014 17:59:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B0B2BE0857; Sun, 13 Jul 2014 17:59:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B2818E0850 for ; Sun, 13 Jul 2014 17:59:29 +0000 (UTC) Received: from 127.0.0.1 (unknown [195.154.243.53]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: hasufell) by smtp.gentoo.org (Postfix) with ESMTPSA id 19BB533F5FB for ; Sun, 13 Jul 2014 17:59:27 +0000 (UTC) Message-ID: <53C2C8F7.8020609@gentoo.org> Date: Sun, 13 Jul 2014 17:59:19 +0000 From: hasufell Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [RFC] LibreSSL, introduce virtual/openssl References: <53C12C21.6070605@gentoo.org> In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Archives-Salt: 0dce0ec5-ef1c-4051-a347-fbd0ad962b25 X-Archives-Hash: d843ad3ba6fd812debbef21356252d49 Dirkjan Ochtman: > On Sat, Jul 12, 2014 at 2:37 PM, hasufell wrote: >> So libressl is meant as a drop-in replacement for openssl. > > Some caveats have already been discovered: > > http://devsonacid.wordpress.com/2014/07/12/how-compatible-is-libressl/ > > Cheers, > > Dirkjan > The Werror thing is fixed in the ebuild. The next release is now signed and should enter the tree in the near future, along with the virtual ebuilds. So for people who want to help, I'd propose the following procedure: 1) Testing: https://github.com/gentoo/libressl (should already work with 'layman -a libressl') It contains dummy openssl ebuilds so the virtuals are not yet needed. It also contains a portable version of the signify tool (to verify the libressl tarballs), patched wget and patched openssh with patch from Hanno. I'd suggest to focus testing there, so we don't duplicate work. 2) depending on how big the fallout is we have to decide whether to add libressl to ~arch or masked later and even have to decide whether adding a virtual/openssl right now makes any sense. We'll shoot ourselves in the foot if we add the virtual now and realize later that it doesn't work out. 3) Depending on 2) add virtual/openssl and dev-libs/libressl to the tree and start converting the tree (~arch ebuilds with simple openssl atoms can probably be fixed with a script, see https://bugs.gentoo.org/show_bug.cgi?id=508750#c23). Stable arch ebuilds should probably be fixed by their respective maintainers. We should send out a dev-announce too then.