First Release of LibreSSL Portable Available
First Release of LibreSSL Portable Available
Posted Jul 15, 2014 10:17 UTC (Tue) by zenaan (guest, #3778)In reply to: First Release of LibreSSL Portable Available by roblucid
Parent article: First Release of LibreSSL Portable Available
Come on - patience! This is not slashdot, this is lwn.net, and at least a cursory wikipedia check ought be done before fishing for "better support" with "negativity"/ projection of assumptions etc. Not cool. Not intelligent.
From the wikipedia page for BoringSSL, checked just now:
"In June 2014, Google announced its own fork of OpenSSL dubbed BoringSSL. Google plans to co-operate with OpenSSL and LibreSSL developers.[29]"
Posted Jul 15, 2014 15:36 UTC (Tue)
by roblucid (guest, #48964)
[Link] (2 responses)
We'll just see if there's technical/personal disagreements and long term split like Emacs, or whether a consensus can be reached. My impression is, developers under-estimate usefullness of binary compatability to clued up sys admins.
Posted Jul 15, 2014 16:41 UTC (Tue)
by moltonel (subscriber, #45207)
[Link] (1 responses)
My impression is, you overestimate the feasability of fixing OpenSSL without breaking binary compatibility :p You can only do so much while keeping compatibility. Some bugs are exposed in the API itself; fixing them requires changing the API and breaking compatibility. Not fixing something because it'd break compatibility is a recipe for the next blockbuster security flaw.
As annoying as it is for sysadmins and downstream projects, they won't get better security without some porting efforts.
Posted Jul 16, 2014 9:55 UTC (Wed)
by roblucid (guest, #48964)
[Link]
There's a balance to be struck, I agree with what you are saying here and don't expect a bug for bug binary compatibility, but am sceptical about the useful results and effects of the approach taken by this fork.
First Release of LibreSSL Portable Available
First Release of LibreSSL Portable Available
First Release of LibreSSL Portable Available