Announcement

Collapse
No announcement yet.

OpenSSL Forked By OpenBSD Into LibreSSL

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OpenSSL Forked By OpenBSD Into LibreSSL

    Phoronix: OpenSSL Forked By OpenBSD Into LibreSSL

    Following the fallout from the OpenSSL Heartbleed bug, OpenBSD developers have decided to fork the OpenSSL code-base to create LibreSSL...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Why CVS!?

    Comment


    • #3
      They removed Windows support.
      In the wake of Heartbleed, a well-known open source development group is creating a simpler, cleaner version of the dominant OpenSSL.

      Comment


      • #4
        Cowards !

        Really !?!? cowards !!! instead of helping the project they fork it so they wont be harmed ?? the nerve ...

        Comment


        • #5
          This seems rather like an overreaction, and somewhat of a vote of no confidence in the governance of OpenSSL which is a worrying precedent. I'm no expert, but from what I've read of the issue, it was a rather trivial mistake. I understand the far-reaching consequences of it, but it seems like it could have happened to anybody.

          Having said that, it'd be nice if they could clean up the code. Also, it seems like the type of thing that the BSD camp would be good stewards for, being the security stalwarts that they are.

          But I can't help but feel the better course of action would be to work with whomever currently controls OpenSSL to improve checks and balances rather than just fork it. It feels decidedly NIH-esque. It's not like OpenSSL is governed by Sun Microsystems.

          Comment


          • #6
            1) They use CVS because they like it. I don't know why, but I doubt it really matters.

            2) They are removing all OS support so that they can get it down to a lean, core library that they are happy with, after which they will accept patches to port it to new operating systems. OpenSSH started out as being for OpenBSD, and they accepted patches to make it portable, so this approach is in line with that, and seems pretty fair.

            3) They are forking it as they don't believe the OpenSSL developers can be trusted to do a good job. Somebody made a page going through the changes they're making to the original OpenSSL code: http://opensslrampage.org/. It's well worth a read to see some of the stuff that was going on.

            Comment


            • #7
              Originally posted by ba7a7chy View Post
              Really !?!? cowards !!! instead of helping the project they fork it so they wont be harmed ?? the nerve ...
              I'm really not liking this move. OpenSSL has just undergone a major blow, and so they just cut and run instead of sticking around to help fix it? Instead, they decide to just prune out a bunch of deprecated features and reduce platform support. I'm hoping that at least the licenses stay compatible so that actual fixes can be shared between projects... or that eventually OpenBSD comes back into the fold.

              Comment


              • #8
                Originally posted by Veerappan View Post
                I'm really not liking this move. OpenSSL has just undergone a major blow, and so they just cut and run instead of sticking around to help fix it? Instead, they decide to just prune out a bunch of deprecated features and reduce platform support. I'm hoping that at least the licenses stay compatible so that actual fixes can be shared between projects... or that eventually OpenBSD comes back into the fold.
                Didn't you read the article? The roadmap has a return to full platform portability as an endgoal.

                Comment


                • #9
                  Originally posted by Veerappan View Post
                  I'm really not liking this move. OpenSSL has just undergone a major blow, and so they just cut and run instead of sticking around to help fix it? Instead, they decide to just prune out a bunch of deprecated features and reduce platform support. I'm hoping that at least the licenses stay compatible so that actual fixes can be shared between projects... or that eventually OpenBSD comes back into the fold.
                  The trouble is that whilst looking through they've found lots of other unpleasant stuff. I agree that standardising on an implementation has huge benefits, but if that's done at the cost of security/reliability of such a fundamental library (and a cryptographic one at that) then going back into the fold could actually be harmful.

                  The reduction in platform support is so that they can get it right on their platform (that they know exceptionally well) before accepting patches to port it to other operating systems, their exact words: "our primary focus is good software that we trust to run ourselves".

                  Take a look at http://opensslrampage.org/ to see more details of the kind of thing they were fixing.

                  Comment


                  • #10
                    Can the editors/author of Phoronix show this as most likely the most valiant fork & coding effort within the last ~10 years?

                    OpenSSL is basically UNFIXABLE, this is what must be done to FIX OPENSSL ITSELF; since openssl is TOO BROKEN.

                    SO this project (LibreSSL) will hopefully become the new library all projects will link into their code as the crypto & security code in place of OpenSSL after they sort things out, lock crazy things down and get coding standards up, and can add PROPER multi-platform support unlike the craziness it was before their http://opensslrampage.org/ started which is almost a commit log of how the progress was and what had been done to get to the point they are now.

                    They aren't trying to just fork & run like most of the buffoons above are saying, but they're doing their best to help save the internet as a whole by fixing such a crucial piece of infrastructure that is now coming from the devs who created openssh.

                    Comment

                    Working...
                    X