1. 3

  2. -1

    Libressl exists. The Openbsd folks forked OpenSSL, which had horrible code base and security history, when this fact became well-known, and cleaned it up. Thoroughly. This is what Libressl is.

    But then parties like The Linux Foundation decided to reward the incompetence of OpenSSL’s team with funding. Clever. Not.

    Libressl is of course still alive and better than ever. OpenSSL has improved, but not that much.

    For some reason, OpenSSL is still popular. In an ideal world, distributions such as Debian or Fedora would have switched to Libressl the moment it was ready, with even more energy than they had in adopting the likes of PulseAudio. But alas.

    1. 1

      The LibreSSL fork was not handled very well. One of the first things that the OpenSSL folks did was reformat all of the code. That made it basically impossible to meaningfully diff the two. It was an explicit declaration that they never intended to make it possible to merge the two projects and everyone had to pick a side. Unsurprisingly, most people picked the devil they knew.

      I am curious that OpenSSL is managing to change the license. I haven’t seen anything about this before and I’m curious as to the process that they went through. Did they require copyright assignment from contributors? I know OpenBSD is pretty hostile to the Apache 2 license, so I’d be surprised if OpenBSD devs gave consent to relicense any code that they’d contributed.

      1. 1

        LibreSSL was awesome at the beginning when they were 100% compatible, but on the other hand it sucks that the library name is the same and you can’t use them both.

        I recently ran into this. Big C++ project, you have 2 dependencies, one with a hard dep on OpenSSL. Good luck. We were quite happy with VoidLinux and LibreSSL but now it’s all on CentOS (for this project), mostly because of the SSL thing.

        No, I still have nothing against LibreSSL if it’s some hobbyist FLOSS project. But if I dread working on something because I spent days needlessly fixing stuff and I can’t simply change it because I’m just a cog in the machine who doesn’t decide to change everything.. pass. Actually I probably also wouldn’t waste my free time on that.