From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: [RFC] LibreSSL, introduce virtual/openssl
Date: Wed, 16 Jul 2014 07:16:33 +0000 (UTC)

Matthew Summers posted on Tue, 15 Jul 2014 09:18:23 -0500 as excerpted:

> So, libressl is really nowhere near ready for prime time or even late
> night TV (perhaps the day time talk shows, but that is a stretch given
> the PRNG situation). I think preparing a virtual and updating dependent
> ebuilds for the explosion of replacements is grand, however we should
> make it _very_ clear to everyone that issues exist that make libressl
> unsafe for anything other than play time.

Here's another link for those following along:

Ars-technica (via LWN): OpenSSL fork LibreSSL is declared "unsafe for Linux"

http://lwn.net/Articles/605509/rss

Basically it's a pid-duplication issue, aka an "I'm my own grandpa" issue,
as someone mentions in the comments.

There's also a note both in the comments and now on the original Ars
article saying a patch has already been pushed, but the point stands,
"nowhere near ready for prime time" indeed.

It'll take a bit of time, but for now as already suggested, introducing
the virtual with the single openssl provider does seem reasonable.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
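
Added example, not part of the original message and not LibreSSL code: a simplified C model of the pid-duplication issue mentioned above, where a PRNG notices a fork only by comparing the current pid with the pid recorded at seeding, next to a check that does not depend on the pid. Processes are simulated as struct copies, and every name (proc, sim_fork, rand_pidcheck, rand_gencheck) and pid value is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int pid;  unsigned gen;               /* getpid() value; counter bumped on every fork */
    uint64_t state;                       /* PRNG state, inherited across fork */
    int seeded_pid;  unsigned seeded_gen; /* pid and gen recorded at the last reseed */
} proc;

static uint64_t fresh_entropy(void) { /* stand-in for the kernel entropy source */
    static uint64_t ctr;
    return ctr += 0x9e3779b97f4a7c15ULL;
}
static void reseed(proc *p) {
    p->state = fresh_entropy();
    p->seeded_pid = p->pid; p->seeded_gen = p->gen;
}
static uint64_t step(proc *p) { /* xorshift64, a toy generator */
    uint64_t x = p->state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return p->state = x;
}

/* Weak: a fork is noticed only if the pid differs from the one at seeding. */
static uint64_t rand_pidcheck(proc *p) {
    if (p->seeded_pid != p->pid) reseed(p);
    return step(p);
}
/* Hardened: reseed whenever the fork generation has changed. */
static uint64_t rand_gencheck(proc *p) {
    if (p->seeded_gen != p->gen) reseed(p);
    return step(p);
}
static proc sim_fork(proc parent, int child_pid) { /* child gets a memory copy */
    parent.pid = child_pid; parent.gen++;
    return parent;
}

/* Returns 1 if the grandchild's first output repeats the grandparent's. */
static int grandchild_repeats(uint64_t (*draw)(proc *)) {
    proc gp = { .pid = 1000 };
    reseed(&gp);
    proc child = sim_fork(gp, 1001);  /* child never draws */
    uint64_t a = draw(&gp);           /* grandparent draws, then exits */
    proc gc = sim_fork(child, 1000);  /* pid space wrapped: pid 1000 reused */
    return draw(&gc) == a;
}
int main(void) {
    printf("pid check repeats: %d\n", grandchild_repeats(rand_pidcheck));
    printf("generation check repeats: %d\n", grandchild_repeats(rand_gencheck));
    return 0;
}
```

In a real process the generation counter could be bumped from a pthread_atfork() child handler; that is one possible mitigation, not a statement of what the pushed patch does.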