From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id EEED11382C5 for ; Tue, 29 Dec 2020 13:08:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1D7972BC089; Tue, 29 Dec 2020 13:08:33 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D40922BC062 for ; Tue, 29 Dec 2020 13:08:32 +0000 (UTC) Message-ID: <948e6d9c55b11ea2074fcdd125d4990b4b99a394.camel@gentoo.org> Subject: Re: [gentoo-dev] [RFC] Discontinuing LibreSSL support? From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org, Peter Stuge Date: Tue, 29 Dec 2020 14:08:27 +0100 In-Reply-To: <889061bd-c093-5b57-0d0f-1d59e99799bb@uls.co.za> References: <20201228220054.19436.qmail@stuge.se> <20201228231809.21527.qmail@stuge.se> <5ea24603ce550d4580f8e41fbf6700dd2959b67e.camel@gentoo.org> <20201229112935.32397.qmail@stuge.se> <889061bd-c093-5b57-0d0f-1d59e99799bb@uls.co.za> Organization: Gentoo Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: d8ac068a-11d6-44c3-aa61-bfe86cdf7f15 X-Archives-Hash: 2719d2cd7c9292e09bc8ab7d3c4aa25e On Tue, 2020-12-29 at 14:39 +0200, Jaco Kroon wrote: > 2.  Install them into different prefixes (eg /usr/lib/openssl + > /usr/lib/libressl and have the linker link to a specific version, > /usr/include/{openssl,libressl} too). For the record, this is something I've been wondering about for a long time. However, there are two problems with that: a small one and a huge one. The small problem is that this requires a lot of additional downstream work. I mean, you have to explicitly support the choice in ebuilds, and this means making things even harder for newcomers. The big problem is that (unless I'm mistaken) we won't be able to load LibreSSL and OpenSSL to the same executable. So we'd actually have to enforce that the whole link chain links to the same SSL provider, and effectively land pretty close to where we are now. -- Best regards, Michał Górny