Page 1 of 4 123 ... LastLast
Results 1 to 10 of 33

Thread: OpenBSD Affirms That LibreSSL Will Be Portable

  1. #1
    Join Date
    Jan 2007
    Posts
    14,324

    Default OpenBSD Affirms That LibreSSL Will Be Portable

    Phoronix: OpenBSD Affirms That LibreSSL Will Be Portable

    In the fallout from the OpenSSL heartbleed bug, OpenBSD developers forked OpenSSL into LibreSSL. Initially the only supported platform for LibreSSL was OpenBSD, but the BSD developers are pushing harder now for platform portability...

    http://www.phoronix.com/vr.php?view=MTY4NTc

  2. #2
    Join Date
    Jan 2013
    Posts
    166

    Default

    It'll be interesting to see which will prove more popular in the long-term, LibreSSL or the newly swimming-in-cash OpenSSL.

    I normally favour burn it with fire and start again, so I'm hoping for LibreSSL. The impression that I get from the various articles I've read is that the development environment / governance surrounding OpenSSL is pretty toxic.

  3. #3
    Join Date
    Jul 2013
    Posts
    342

    Default

    Quote Originally Posted by kaprikawn View Post
    It'll be interesting to see which will prove more popular in the long-term, LibreSSL or the newly swimming-in-cash OpenSSL.

    I normally favour burn it with fire and start again, so I'm hoping for LibreSSL. The impression that I get from the various articles I've read is that the development environment / governance surrounding OpenSSL is pretty toxic.
    I'm hoping for LibreSSL as well. I generally don't agree with the "Broken? Throw more money at it!" mindset; If money is not the problem, money is not the solution.

  4. #4
    Join Date
    Apr 2008
    Posts
    9

    Default

    Quote Originally Posted by Daktyl198 View Post
    I'm hoping for LibreSSL as well. I generally don't agree with the "Broken? Throw more money at it!" mindset; If money is not the problem, money is not the solution.
    Money sort of is the problem in this case. For whatever reason (there are many) only two people really do any work on OpenSSL, neither are able to do it full time, and most of the time they do get to spend on it is doing contract work to add new features, not clean things up or do bug fixing. Having a funding source that lets them bring on more people and focus on maintenance instead of features should help a ton.

    That said, perhaps they should look in to merging some of the LibreSSL changes to get a head start on the cleanup effort.

  5. #5
    Join Date
    Jul 2013
    Location
    Brasil
    Posts
    92

    Default

    I once read it's OpenSSL and LibreSSL is like X and Wayland.

    Wayland being made the right way: way better documented and with uptated concepts in mind.

    Go LibreSSL!

  6. #6
    Join Date
    Nov 2012
    Posts
    140

    Default

    This LibreSLL idea is uterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarden.
    Last edited by Nuc!eoN; 05-09-2014 at 01:51 PM.

  7. #7
    Join Date
    Apr 2014
    Posts
    2

    Default

    Quote Originally Posted by Nuc!eoN View Post
    This LibreSLL idea is uterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarden.
    Normally I'd agree except as we've seen time and time again (for example with the Canonical/GNOME issue) that you can't just
    do a bunch of work on a Open source project and expect it to get merged in a timely manor if at all.

  8. #8
    Join Date
    May 2014
    Location
    Hamilton ON Canada
    Posts
    4

    Default

    I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.

  9. #9
    Join Date
    Jul 2013
    Posts
    342

    Default

    Quote Originally Posted by Amaranth View Post
    Money sort of is the problem in this case. For whatever reason (there are many) only two people really do any work on OpenSSL, neither are able to do it full time, and most of the time they do get to spend on it is doing contract work to add new features, not clean things up or do bug fixing. Having a funding source that lets them bring on more people and focus on maintenance instead of features should help a ton.

    That said, perhaps they should look in to merging some of the LibreSSL changes to get a head start on the cleanup effort.
    Money shouldn't be the problem. It was estimated that the project receives over $1 million per year in funding. While that may be "low" for a project of that scale, it's definitely not low enough to be a "problem". Definitely enough to pay for more than 2 people working on it full time. Not to mention I'm sure they could get plenty of security auditing companies to audit it for free (Being known as the company that found security vulnerabilities in the most widely used SSL library is great PR).

    Maybe if they stopped doing contract work for big corporations and rolling in their money-stuffed beds and actually looked at their damn code, maybe all of this (not the Heartbleed bug, but the forking and everything) could have been prevented.

  10. #10
    Join Date
    Nov 2012
    Posts
    140

    Default

    Quote Originally Posted by jmcknight View Post
    Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans.
    Lol I though that blink tag support in firefox has been removed :s

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •