OpenBSD Affirms That LibreSSL Will Be Portable
Phoronix: OpenBSD Affirms That LibreSSL Will Be Portable
In the fallout from the OpenSSL Heartbleed bug, OpenBSD developers forked OpenSSL into LibreSSL. Initially the only supported platform for LibreSSL was OpenBSD, but the BSD developers are pushing harder now for platform portability...
It'll be interesting to see which will prove more popular in the long-term, LibreSSL or the newly swimming-in-cash OpenSSL.
I normally favour burn it with fire and start again, so I'm hoping for LibreSSL. The impression that I get from the various articles I've read is that the development environment / governance surrounding OpenSSL is pretty toxic.
I'm hoping for LibreSSL as well. I generally don't agree with the "Broken? Throw more money at it!" mindset; if money is not the problem, money is not the solution.
Originally Posted by kaprikawn
Money sort of is the problem in this case. For whatever reason (there are many) only two people really do any work on OpenSSL, neither is able to do it full time, and most of the time they do get to spend on it is doing contract work to add new features, not clean things up or do bug fixing. Having a funding source that lets them bring on more people and focus on maintenance instead of features should help a ton.
Originally Posted by Daktyl198
That said, perhaps they should look into merging some of the LibreSSL changes to get a head start on the cleanup effort.
I once read that OpenSSL and LibreSSL are like X and Wayland.
Wayland being made the right way: way better documented and with updated concepts in mind.
This LibreSSL idea is utterly dumb. They should better concentrate on making the best of the current OpenSSL rather than making another fork of a fork of a fork. What a wasteful mentality. This is like ffmpeg and LibAv... kindergarten.
Last edited by Nuc!eoN; 05-09-2014 at 01:51 PM.
Normally I'd agree except as we've seen time and time again (for example with the Canonical/GNOME issue) that you can't just do a bunch of work on an open source project and expect it to get merged in a timely manner, if at all.
Originally Posted by Nuc!eoN
I don't want to be that guy, but I find it interesting that the OpenBSD guys decided to fork OpenSSL because they seem to believe that there were poor decisions made throughout the project. Yet when you look at the LibreSSL page, someone made a conscious decision to use flashing text and Comic Sans. They can't seriously criticize anyone's decision making when the page that represents their efforts looks like a 13 year old kid made this page back in 1997.
Money shouldn't be the problem. It was estimated that the project receives over $1 million per year in funding. While that may be "low" for a project of that scale, it's definitely not low enough to be a "problem". Definitely enough to pay for more than 2 people working on it full time. Not to mention I'm sure they could get plenty of security auditing companies to audit it for free (Being known as the company that found security vulnerabilities in the most widely used SSL library is great PR).
Originally Posted by Amaranth
Maybe if they stopped doing contract work for big corporations and rolling in their money-stuffed beds and actually looked at their damn code, maybe all of this (not the Heartbleed bug, but the forking and everything) could have been prevented.
Lol I thought that blink tag support in Firefox has been removed :s
Originally Posted by jmcknight