What you think of LibreSSL?

7 respostas [Última entrada]
GNUser
Desconectado
Joined: 07/17/2013

I didn't know of this, but apparently OpenSSL has been forked by the OpenBSD team into LibreSSL. Has been so for some time now, I just didn't know of it yet. Their goal is apparently to make it more secure by making the code easier to review by everyone. Modernizing the code, they say. What are your thoughts on this, should we start using LibreSSL, after all the s*** that has been going on with OpenSSL?

GNUser
Desconectado
Joined: 07/17/2013
tomlukeywood
Desconectado
Joined: 12/05/2014

sounds like a rely good project

andrew
Desconectado
Joined: 04/19/2012

> What are your thoughts on this, should we start using LibreSSL, after
> all the s*** that has been going on with OpenSSL?

I don't know if the APIs for LibreSSL are the same for OpenSSL but
modifying programs to use the former could be a big job and ideally
would be done by upstream maintainers. From what I've heard LibreSSL is
a much more stripped down version of OpenSSL.

The OpenSSL project has received more contributions and resources to
continue since the event so the reason for LibreSSL isn't as much as it
was before. I think it sounds like a good project though.

Andrew

GNUser
Desconectado
Joined: 07/17/2013

Being stripped down could be a good thing... since that would make the code easier to maintain and audit when necessary.
Not that I think the GNU/Linux distros out there will start using it, BSD distros might.
I like the idea of KISS software :)

moxalt
Desconectado
Joined: 06/19/2015

UNIX philosophy = KISS

Jodiendo
Desconectado
Joined: 01/09/2013

Only a few days old, OpenSSL fork LibreSSL is declared “unsafe for Linux”

I'm not an expert but testing a software program, before is release is essential in my books. Openssl nor libressl has not been tested sufficiently to me. So Ill stay away from it!

Follow the links and read the articles.

http://arstechnica.com/security/2014/07/only-a-few-days-old-openssl-fork-libressl-is-declared-unsafe-for-linux

OpenSSL code beyond repair, claims creator of “LibreSSL” fork

http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/

GNUser
Desconectado
Joined: 07/17/2013

Thanks for those links.
It seems to me that this is all a big mess, and only time will solve anything... people are trying to do things in one way and another, but computers are so complicated that you always end up fucking up somehow... Maybe the LibreSSL is a good approach, but it does seem like a "alpha" project.