Announcement

Collapse
No announcement yet.

OpenBSD Affirms That LibreSSL Will Be Portable

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • OpenBSD Affirms That LibreSSL Will Be Portable

    Phoronix: OpenBSD Affirms That LibreSSL Will Be Portable

    In the fallout from the OpenSSL heartbleed bug, OpenBSD developers forked OpenSSL into LibreSSL. Initially the only supported platform for LibreSSL was OpenBSD, but the BSD developers are pushing harder now for platform portability...

    http://www.phoronix.com/vr.php?view=MTY4NTc

  • #2
    It'll be interesting to see which will prove more popular in the long-term, LibreSSL or the newly swimming-in-cash OpenSSL.

    I normally favour burn it with fire and start again, so I'm hoping for LibreSSL. The impression that I get from the various articles I've read is that the development environment / governance surrounding OpenSSL is pretty toxic.

    Comment


    • #3
      Originally posted by kaprikawn View Post
      It'll be interesting to see which will prove more popular in the long-term, LibreSSL or the newly swimming-in-cash OpenSSL.

      I normally favour burn it with fire and start again, so I'm hoping for LibreSSL. The impression that I get from the various articles I've read is that the development environment / governance surrounding OpenSSL is pretty toxic.
      I'm hoping for LibreSSL as well. I generally don't agree with the "Broken? Throw more money at it!" mindset; If money is not the problem, money is not the solution.

      Comment


      • #4
        Originally posted by Daktyl198 View Post
        I'm hoping for LibreSSL as well. I generally don't agree with the "Broken? Throw more money at it!" mindset; If money is not the problem, money is not the solution.
        Money sort of is the problem in this case. For whatever reason (there are many) only two people really do any work on OpenSSL, neither are able to do it full time, and most of the time they do get to spend on it is doing contract work to add new features, not clean things up or do bug fixing. Having a funding source that lets them bring on more people and focus on maintenance instead of features should help a ton.

        That said, perhaps they should look in to merging some of the LibreSSL changes to get a head start on the cleanup effort.

        Comment


        • #5
          I once read it's OpenSSL and LibreSSL is like X and Wayland.

          Wayland being made the right way: way better documented and with uptated concepts in mind.

          Go LibreSSL!

          Comment


          • #6
            This LibreSLL idea is uterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarden.
            Last edited by Nuc!eoN; 05-09-2014, 01:51 PM.

            Comment


            • #7
              Originally posted by Nuc!eoN View Post
              This LibreSLL idea is uterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarden.
              Normally I'd agree except as we've seen time and time again (for example with the Canonical/GNOME issue) that you can't just
              do a bunch of work on a Open source project and expect it to get merged in a timely manor if at all.

              Comment


              • #8
                I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.

                Comment


                • #9
                  Originally posted by Amaranth View Post
                  Money sort of is the problem in this case. For whatever reason (there are many) only two people really do any work on OpenSSL, neither are able to do it full time, and most of the time they do get to spend on it is doing contract work to add new features, not clean things up or do bug fixing. Having a funding source that lets them bring on more people and focus on maintenance instead of features should help a ton.

                  That said, perhaps they should look in to merging some of the LibreSSL changes to get a head start on the cleanup effort.
                  Money shouldn't be the problem. It was estimated that the project receives over $1 million per year in funding. While that may be "low" for a project of that scale, it's definitely not low enough to be a "problem". Definitely enough to pay for more than 2 people working on it full time. Not to mention I'm sure they could get plenty of security auditing companies to audit it for free (Being known as the company that found security vulnerabilities in the most widely used SSL library is great PR).

                  Maybe if they stopped doing contract work for big corporations and rolling in their money-stuffed beds and actually looked at their damn code, maybe all of this (not the Heartbleed bug, but the forking and everything) could have been prevented.

                  Comment


                  • #10
                    Originally posted by jmcknight View Post
                    Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans.
                    Lol I though that blink tag support in firefox has been removed :s

                    Comment


                    • #11
                      Originally posted by Nuc!eoN View Post
                      Lol I though that blink tag support in firefox has been removed :s
                      You're quite possibly right. The blinking thing on LibreSSL page is done in CSS tho.

                      Comment


                      • #12
                        Originally posted by Nuc!eoN View Post
                        This LibreSLL idea is uterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarden.
                        Having alternatives is great. In the end, competitiveness is what drives innovation, be it open-source or proprietary. Imagine a world were there's only Gnome3?!

                        Comment


                        • #13
                          Originally posted by jmcknight View Post
                          I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.
                          from the website:
                          This page scientifically designed to annoy web hipsters. Donate now to stop the Comic Sans and Blink Tags
                          I would say its achieving its objective :P

                          Comment


                          • #14
                            Originally posted by jmcknight View Post
                            I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.
                            The web design on that page is humour. They went out of their way to use CSS to do the blinking in browsers where the blink tag doesn't work anymore.

                            Comment


                            • #15
                              Originally posted by Nuc!eoN View Post
                              Lol I though that blink tag support in firefox has been removed :s
                              Someone contributed a CSS3 transition to make it work

                              Comment

                              Working...
                              X