On January 29, 2017 20:04 Doug Newgard wrote:

I haven't heard all that much from/about LibreSSL since shortly after the fork.
Care to share what advantages it would bring, and at what cost?


The cost for rebuilding everything against OpenSSL 1.1 will probably be a big
one. For LibreSSL, it would be even bigger. I think the main advantage, right
away, is that LibreSSL has a considerably better security track, especially
after their huge flensing.

I can only dream about the bugs that might lurk in both OpenSSL 1.1 and
LibreSSL. But the defensive approach OpenBSD takes on LibreSSL already has paid
off in terms of CVEs that didn't affect it, but were high/critical issues on
OpenSSL.

It would be a considerable effort, but since there will be some for 1.1, I
thought this to be the perfect opportunity for pushing an effort for LibreSSL
instead.

I'm as of now searching Void and Alpine bug trackers for learning the issues
they faced (we should/could learn from theirs). We would probably need to
bootstrap the core tools like makepkg, pacman, curl, etc. with static OpenSSL
support for a while, to make sure users can smoothly upgrade. Otherwise, I
expect LibreSSL to be as compatible with the userland software as OpenSSL is.

Cheers,
Giancarlo Razzolini
