Re: [gentoo-dev] LibreSSL import plan

2015-10-01 Thread Anthony G. Basile
On 10/1/15 10:14 AM, Ian Stakenvicius wrote: On 30/09/15 03:29 PM, Anthony G. Basile wrote: On 9/30/15 12:18 PM, Ian Stakenvicius wrote: On 30/09/15 07:42 AM, hasufell wrote: * libressl has to conflict with openssl Right now libressl exports man

Re: [gentoo-dev] LibreSSL import plan

2015-10-01 Thread Andrew Savchenko
On Thu, 1 Oct 2015 09:25:42 -0400 Brian Evans wrote: > On 9/30/2015 5:40 PM, Andrew Savchenko wrote: > > > 2. Some old features are removed: > > https://en.wikipedia.org/wiki/LibreSSL#Added_features Most notably > > SSLv3 and MD5 support cancelled, while they are indeed not secure, > > some app

Re: [gentoo-dev] LibreSSL import plan

2015-10-01 Thread Ian Stakenvicius
On 30/09/15 03:29 PM, Anthony G. Basile wrote: > On 9/30/15 12:18 PM, Ian Stakenvicius wrote: On 30/09/15 07:42 > AM, hasufell wrote: * libressl has to conflict with openssl > Right now libressl exports many of the same symbols as openssl > rig

Re: [gentoo-dev] LibreSSL import plan

2015-10-01 Thread Brian Evans
On 9/30/2015 5:40 PM, Andrew Savchenko wrote: > 2. Some old features are removed: > https://en.wikipedia.org/wiki/LibreSSL#Added_features Most notably > SSLv3 and MD5 support cancelled, while they are indeed not secure, > some apps are likely still

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Andrew Savchenko
Hi, On Wed, 30 Sep 2015 15:58:34 -0400 Rich Freeman wrote: > On Wed, Sep 30, 2015 at 3:29 PM, Anthony G. Basile > wrote: > > @rich0. Just a side comment. You said somewhere that maybe apache will > > choose openssl and postfix libressl and then we'll be in trouble. No. The > > incompatibilit

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Rich Freeman
On Wed, Sep 30, 2015 at 3:29 PM, Anthony G. Basile wrote: > > Yes you could use symbol versioning, and you can do the side by side by > renaming the library but that's a real pita for us since we'd have to hack > build systems to link against the correct library name. This should have > been done

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Anthony G. Basile
On 9/30/15 12:18 PM, Ian Stakenvicius wrote: On 30/09/15 07:42 AM, hasufell wrote: * libressl has to conflict with openssl Right now libressl exports many of the same symbols as openssl right? What if it didn't -- that is, we forced a symver map

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Ian Stakenvicius
On 30/09/15 09:11 AM, Rich Freeman wrote: > > Suppose apache uses libfoo and libbar. Libfoo switches to > libressl, and libbar sticks with openssl. That is going to > create a mess no matter what you do with isolating their > namespaces, because y

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Ian Stakenvicius
On 30/09/15 07:42 AM, hasufell wrote: > * libressl has to conflict with openssl Right now libressl exports many of the same symbols as openssl right? What if it didn't -- that is, we forced a symver map with a libressl prefix on all symbols? That

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Andrew Savchenko
On Wed, 30 Sep 2015 15:22:40 +0200 hasufell wrote: > On 09/30/2015 02:10 PM, Kristian Fiskerstrand wrote: > > On 09/30/2015 01:51 PM, Rich Freeman wrote: > > > >> I think it was fair to pause to see if somebody could come up with > >> a better solution that allows co-existence, but absent that I

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread hasufell
On 09/30/2015 02:10 PM, Kristian Fiskerstrand wrote: > On 09/30/2015 01:51 PM, Rich Freeman wrote: > >> I think it was fair to pause to see if somebody could come up with >> a better solution that allows co-existence, but absent that I >> don't see any benefit from keeping libressl out of the tr

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Rich Freeman
On Wed, Sep 30, 2015 at 8:10 AM, Kristian Fiskerstrand wrote: > > On 09/30/2015 01:51 PM, Rich Freeman wrote: >> >> I think it was fair to pause to see if somebody could come up with >> a better solution that allows co-existence, but absent that I >> don't see any benefit from keeping libressl ou

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Kristian Fiskerstrand
On 09/30/2015 01:51 PM, Rich Freeman wrote: > On Wed, Sep 30, 2015 at 7:29 AM, Kristian Fiskerstrand > wrote: >> >> The way I see it this is relevant to the discussion at hand. > > Admittedly it is a bit tangential, but it didn't seem worth > for

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Rich Freeman
On Wed, Sep 30, 2015 at 7:29 AM, Kristian Fiskerstrand wrote: > > The way I see it this is relevant to the discussion at hand. Admittedly it is a bit tangential, but it didn't seem worth forking the thread over. Certainly I'm not going to invent my own mailing list and post it there, and then po

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread hasufell
On 09/30/2015 01:29 PM, Kristian Fiskerstrand wrote: > On 09/30/2015 01:27 PM, hasufell wrote: >> On 09/30/2015 01:22 PM, Rich Freeman wrote: >>> On Wed, Sep 30, 2015 at 2:35 AM, Paweł Hajdan, Jr. >>> wrote: On 9/29/15 3:32 PM, Rich Freeman wrote: > > .. > >>> Perhaps the in-between soluti

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Kristian Fiskerstrand
On 09/30/2015 01:27 PM, hasufell wrote: > On 09/30/2015 01:22 PM, Rich Freeman wrote: >> On Wed, Sep 30, 2015 at 2:35 AM, Paweł Hajdan, Jr. >> wrote: >>> On 9/29/15 3:32 PM, Rich Freeman wrote: .. >> Perhaps the in-between solution would be for f

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread hasufell
On 09/30/2015 01:22 PM, Rich Freeman wrote: > On Wed, Sep 30, 2015 at 2:35 AM, Paweł Hajdan, Jr. > wrote: >> On 9/29/15 3:32 PM, Rich Freeman wrote: >>> The thing is that I think the libressl authors are shooting themselves >>> in the feet. When upstreams do this sort of thing they think they're

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread Rich Freeman
On Wed, Sep 30, 2015 at 2:35 AM, Paweł Hajdan, Jr. wrote: > On 9/29/15 3:32 PM, Rich Freeman wrote: >> The thing is that I think the libressl authors are shooting themselves >> in the feet. When upstreams do this sort of thing they think they're >> making the upgrade path easier by not changing t

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread hasufell
On 09/30/2015 10:11 AM, hasufell wrote: > On 09/30/2015 08:35 AM, Paweł Hajdan, Jr. wrote: >> On 9/29/15 3:32 PM, Rich Freeman wrote: >>> The thing is that I think the libressl authors are shooting themselves >>> in the feet. When upstreams do this sort of thing they think they're >>> making the u

Re: [gentoo-dev] LibreSSL import plan

2015-09-30 Thread hasufell
On 09/30/2015 08:35 AM, Paweł Hajdan, Jr. wrote: > On 9/29/15 3:32 PM, Rich Freeman wrote: >> The thing is that I think the libressl authors are shooting themselves >> in the feet. When upstreams do this sort of thing they think they're >> making the upgrade path easier by not changing their symbo

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread Paweł Hajdan, Jr.
On 9/29/15 3:32 PM, Rich Freeman wrote: > The thing is that I think the libressl authors are shooting themselves > in the feet. When upstreams do this sort of thing they think they're > making the upgrade path easier by not changing their symbol names. In > reality, they're making the upgrade pat

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread Rich Freeman
On Tue, Sep 29, 2015 at 9:43 AM, hasufell wrote: > On 09/29/2015 03:32 PM, Rich Freeman wrote: >> [...] > > I have waited 9 days. I don't see a reason to wait another few weeks, > just because you like to bikeshed a lot. I don't recall suggesting that you should wait longer. That might be why yo

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread hasufell
On 09/29/2015 05:31 PM, Alexis Ballier wrote: > On Sat, 19 Sep 2015 23:04:14 +0200 > hasufell wrote: > >> 2. slowly start migrating those ~550 packages with "libressl" USE flag >> which is similar to gnutls USE flag. >> There will be no virtual, because those don't give sufficient control >> (lib

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread Alexis Ballier
On Sat, 19 Sep 2015 23:04:14 +0200 hasufell wrote: > 2. slowly start migrating those ~550 packages with "libressl" USE flag > which is similar to gnutls USE flag. > There will be no virtual, because those don't give sufficient control > (libressl and openssl are not ABI compatible). If API compa

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread Ben Kohler
On Tue, Sep 29, 2015 at 8:43 AM, hasufell wrote: > On 09/29/2015 03:32 PM, Rich Freeman wrote: > > [...] > > I have waited 9 days. I don't see a reason to wait another few weeks, > just because you like to bikeshed a lot. > > I honestly feel like you are wasting my time, unless _you_ can come up

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread hasufell
On 09/29/2015 03:32 PM, Rich Freeman wrote: > [...] I have waited 9 days. I don't see a reason to wait another few weeks, just because you like to bikeshed a lot. I honestly feel like you are wasting my time, unless _you_ can come up with a better solution and offer to do the actual work. So far

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread Rich Freeman
On Tue, Sep 29, 2015 at 8:22 AM, hasufell wrote: > No useful comments, so I will proceed as outlined in the transition plan. > I don't think your attitude is going to win you a lot of friends, and I don't think that we're better off for it. That said, I've yet to hear a workable alternative, and

Re: [gentoo-dev] LibreSSL import plan

2015-09-29 Thread hasufell
No useful comments, so I will proceed as outlined in the transition plan.

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Manuel Rüger
On 20.09.2015 18:57, hasufell wrote: > On 09/20/2015 06:47 PM, Manuel Rüger wrote: >> On 20.09.2015 16:26, hasufell wrote: >>> On 09/20/2015 03:27 PM, Manuel Rüger wrote: Please stop introducing further tree-wide changes regarding libressl. >>> >>> That's not possible, because in order to intr

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Rich Freeman
On Sun, Sep 20, 2015 at 12:57 PM, hasufell wrote: > On 09/20/2015 06:47 PM, Manuel Rüger wrote: >> On 20.09.2015 16:26, hasufell wrote: >>> On 09/20/2015 03:27 PM, Manuel Rüger wrote: Please stop introducing further tree-wide changes regarding libressl. >>> >>> That's not possible, because in

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread hasufell
On 09/20/2015 06:47 PM, Manuel Rüger wrote: > On 20.09.2015 16:26, hasufell wrote: >> On 09/20/2015 03:27 PM, Manuel Rüger wrote: >>> Please stop introducing further tree-wide changes regarding libressl. >> >> That's not possible, because in order to introduce the USE flag, we have >> to break the

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Manuel Rüger
On 20.09.2015 16:26, hasufell wrote: > On 09/20/2015 03:27 PM, Manuel Rüger wrote: >> Please stop introducing further tree-wide changes regarding libressl. > > That's not possible, because in order to introduce the USE flag, we have > to break the dep-graph on ~arch temporarily (for 'libressl' USE

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Anthony G. Basile
On 9/20/15 8:59 AM, Alexis Ballier wrote: On Sun, 20 Sep 2015 07:49:24 -0400 Rich Freeman wrote: On Sun, Sep 20, 2015 at 5:50 AM, Alexis Ballier wrote: Yes, that's what gnome team is doing with gtk2 vs gtk3; however, I'm not sure how much work it is. Only package I know of providing differen

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread hasufell
On 09/20/2015 03:27 PM, Manuel Rüger wrote: > Please stop introducing further tree-wide changes regarding libressl. That's not possible, because in order to introduce the USE flag, we have to break the dep-graph on ~arch temporarily (for 'libressl' USE flag only ofc), because of circular deps. I

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Rich Freeman
On Sun, Sep 20, 2015 at 9:27 AM, Manuel Rüger wrote: > On 19.09.2015 23:04, hasufell wrote: >> Friends, >> >> I think it is time to import LibreSSL[0]. There are not many packages >> left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). >> >> My idea would be: >> >> 1. import

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Manuel Rüger
On 19.09.2015 23:04, hasufell wrote: > Friends, > > I think it is time to import LibreSSL[0]. There are not many packages > left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). > > My idea would be: > > 1. import "dev-libs/libressl" (this will block dev-libs/openssl) and >

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Alexis Ballier
On Sun, 20 Sep 2015 07:49:24 -0400 Rich Freeman wrote: > On Sun, Sep 20, 2015 at 5:50 AM, Alexis Ballier > wrote: > > > > Yes, that's what gnome team is doing with gtk2 vs gtk3; however, I'm > > not sure how much work it is. Only package I know of providing > > different slots depending on what

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Rich Freeman
On Sun, Sep 20, 2015 at 7:14 AM, hasufell wrote: > On 09/20/2015 08:07 AM, Andrew Savchenko wrote: >> Greetings, >> >> On Sat, 19 Sep 2015 23:04:14 +0200 hasufell wrote: >>> Friends, >>> >>> I think it is time to import LibreSSL[0]. There are not many packages >>> left that don't compile OOTB and

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Rich Freeman
On Sun, Sep 20, 2015 at 5:50 AM, Alexis Ballier wrote: > > Yes, that's what gnome team is doing with gtk2 vs gtk3; however, I'm > not sure how much work it is. Only package I know of providing > different slots depending on what it's built upon is webkit-gtk. > > I can't imagine every library usin

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread hasufell
On 09/20/2015 08:07 AM, Andrew Savchenko wrote: > Greetings, > > On Sat, 19 Sep 2015 23:04:14 +0200 hasufell wrote: >> Friends, >> >> I think it is time to import LibreSSL[0]. There are not many packages >> left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). >> >> My idea w

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Alexis Ballier
On Sun, 20 Sep 2015 12:17:11 +0300 Andrew Savchenko wrote: > On Sun, 20 Sep 2015 10:22:59 +0200 Alexis Ballier wrote: > > > > My idea would be: > > > > > > > > 1. import "dev-libs/libressl" (this will block > > > > dev-libs/openssl) and introduce the global USE flag "libressl" > > > > with the f

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Andrew Savchenko
On Sun, 20 Sep 2015 10:22:59 +0200 Alexis Ballier wrote: > > > My idea would be: > > > > > > 1. import "dev-libs/libressl" (this will block dev-libs/openssl) and > > > introduce the global USE flag "libressl" with the following > > > description: > > > > Please try to avoid such block, e.g. insta

Re: [gentoo-dev] LibreSSL import plan

2015-09-20 Thread Alexis Ballier
On Sun, 20 Sep 2015 09:07:09 +0300 Andrew Savchenko wrote: > Greetings, > > On Sat, 19 Sep 2015 23:04:14 +0200 hasufell wrote: > > Friends, > > > > I think it is time to import LibreSSL[0]. There are not many > > packages left that don't compile OOTB and those can be patched > > (e.g. dev-lang/

Re: [gentoo-dev] LibreSSL import plan

2015-09-19 Thread Andrew Savchenko
Greetings, On Sat, 19 Sep 2015 23:04:14 +0200 hasufell wrote: > Friends, > > I think it is time to import LibreSSL[0]. There are not many packages > left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). > > My idea would be: > > 1. import "dev-libs/libressl" (this will blo

[gentoo-dev] LibreSSL import plan

2015-09-19 Thread hasufell
Friends, I think it is time to import LibreSSL[0]. There are not many packages left that don't compile OOTB and those can be patched (e.g. dev-lang/ruby). My idea would be: 1. import "dev-libs/libressl" (this will block dev-libs/openssl) and introduce the global USE flag "libressl" with the foll