
Thread: OpenSSL Forked By OpenBSD Into LibreSSL

  1. #1
    Join Date
    Jan 2007
    Posts
    14,565

    OpenSSL Forked By OpenBSD Into LibreSSL

    Phoronix: OpenSSL Forked By OpenBSD Into LibreSSL

    Following the fallout from the OpenSSL Heartbleed bug, OpenBSD developers have decided to fork the OpenSSL code-base to create LibreSSL...

    http://www.phoronix.com/vr.php?view=MTY3MDA

  2. #2
    Join Date
    Feb 2013
    Posts
    82

    Why CVS!?

  3. #3
    Join Date
    May 2013
    Posts
    35

  4. #4
    Join Date
    Feb 2013
    Posts
    8

    Cowards!

    Really!?!? Cowards!!! Instead of helping the project they fork it so they won't be harmed?? The nerve...

  5. #5
    Join Date
    Jan 2013
    Posts
    187

    This seems rather like an overreaction, and somewhat of a vote of no confidence in the governance of OpenSSL which is a worrying precedent. I'm no expert, but from what I've read of the issue, it was a rather trivial mistake. I understand the far-reaching consequences of it, but it seems like it could have happened to anybody.

    Having said that, it'd be nice if they could clean up the code. Also, it seems like the type of thing that the BSD camp would be good stewards for, being the security stalwarts that they are.

    But I can't help but feel the better course of action would be to work with whomever currently controls OpenSSL to improve checks and balances rather than just fork it. It feels decidedly NIH-esque. It's not like OpenSSL is governed by Sun Microsystems.

  6. #6
    Join Date
    Jul 2010
    Posts
    449

    1) They use CVS because they like it. I don't know why, but I doubt it really matters.

    2) They are removing all OS support so that they can get it down to a lean, core library that they are happy with, after which they will accept patches to port it to new operating systems. OpenSSH started out as being for OpenBSD, and they accepted patches to make it portable, so this approach is in line with that, and seems pretty fair.

    3) They are forking it as they don't believe the OpenSSL developers can be trusted to do a good job. Somebody made a page going through the changes they're making to the original OpenSSL code: http://opensslrampage.org/. It's well worth a read to see some of the stuff that was going on.

  7. #7
    Join Date
    Nov 2008
    Location
    Madison, WI, USA
    Posts
    864

    Quote: Originally posted by ba7a7chy
    Really!?!? Cowards!!! Instead of helping the project they fork it so they won't be harmed?? The nerve...
    I'm really not liking this move. OpenSSL has just undergone a major blow, and so they just cut and run instead of sticking around to help fix it? Instead, they decide to just prune out a bunch of deprecated features and reduce platform support. I'm hoping that at least the licenses stay compatible so that actual fixes can be shared between projects... or that eventually OpenBSD comes back into the fold.

  8. #8
    Join Date
    Jun 2011
    Location
    Scotland
    Posts
    101

    Quote: Originally posted by Veerappan
    I'm really not liking this move. OpenSSL has just undergone a major blow, and so they just cut and run instead of sticking around to help fix it? Instead, they decide to just prune out a bunch of deprecated features and reduce platform support. I'm hoping that at least the licenses stay compatible so that actual fixes can be shared between projects... or that eventually OpenBSD comes back into the fold.
    Didn't you read the article? The roadmap has a return to full platform portability as an end goal.

  9. #9
    Join Date
    Jul 2010
    Posts
    449

    Quote: Originally posted by Veerappan
    I'm really not liking this move. OpenSSL has just undergone a major blow, and so they just cut and run instead of sticking around to help fix it? Instead, they decide to just prune out a bunch of deprecated features and reduce platform support. I'm hoping that at least the licenses stay compatible so that actual fixes can be shared between projects... or that eventually OpenBSD comes back into the fold.
    The trouble is that whilst looking through they've found lots of other unpleasant stuff. I agree that standardising on an implementation has huge benefits, but if that's done at the cost of security/reliability of such a fundamental library (and a cryptographic one at that) then going back into the fold could actually be harmful.

    The reduction in platform support is so that they can get it right on their platform (that they know exceptionally well) before accepting patches to port it to other operating systems. Their exact words: "our primary focus is good software that we trust to run ourselves".

    Take a look at http://opensslrampage.org/ to see more details of the kind of thing they were fixing.

  10. #10
    Join Date
    Jun 2013
    Location
    Canada
    Posts
    30

    Can the editors/author of Phoronix show this as most likely the most valiant fork & coding effort within the last ~10 years?

    OpenSSL is basically UNFIXABLE, this is what must be done to FIX OPENSSL ITSELF; since openssl is TOO BROKEN.

    SO this project (LibreSSL) will hopefully become the new library all projects will link into their code as the crypto & security code in place of OpenSSL after they sort things out, lock crazy things down and get coding standards up, and can add PROPER multi-platform support unlike the craziness it was before their http://opensslrampage.org/ started which is almost a commit log of how the progress was and what had been done to get to the point they are now.

    They aren't trying to just fork & run like most of the buffoons above are saying, but they're doing their best to help save the internet as a whole by fixing such a crucial piece of infrastructure that is now coming from the devs who created openssh.
