On 5 April 2015 at 05:44, Paul B. Henson <hen...@acm.org> wrote:
> I guess I'll just let this simmer for now and see how things develop. My
> preference (I think, at least at the moment) would be for both
> implementations to be able to coexist, like openssl and gnutls. It looks
> like that's the way it's heading in pkgsrc (the other place I'm
> maintaining openntpd), which should make things relatively simple there.
> If that's not going to be an option with Gentoo hopefully the best
> alternative will become clearer at some point ;).


The problem with that is that now you have to make sure that transitive
dependencies are still functional.

Since as you point out the two packages are vastly API compatible, it makes
them ABI incompatible and conflicting. The functions can have the same
name, and vastly the same parameters, but they may be using different sizes
for data, for instance. I pointed this out last year[1][2] already.

Symbol collision is a nasty problem because it's almost invisible as long
as the API/ABI is close enough, but for libraries like OpenSSL/LibreSSL,
this is a huge security risk, too.

[1] https://blog.flameeyes.eu/2014/07/libressl-drop-in-and-abi-leakage
[2] https://blog.flameeyes.eu/2014/07/libressl-and-the-bundled-libs-hurdle

Diego Elio Pettenò — Flameeyes
https://blog.flameeyes.eu/
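
Added example, not part of the original message and not code from OpenSSL or LibreSSL: a C sketch of the point above that two libraries can export the same function name while disagreeing on the size of the data it touches. The struct layouts, the GUARD value and ctx_init_lib_b are hypothetical; the arena is large enough that the demonstration itself stays in bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts (constructed, from neither library): the same
 * context object as declared by two API-compatible headers. */
struct ctx_lib_a {              /* what the caller was compiled against */
    int version;
    unsigned char key[16];
};
struct ctx_lib_b {              /* what the implementation that got loaded uses */
    int version;
    unsigned long flags;        /* extra member grows the struct, moves key */
    unsigned char key[16];
};

#define GUARD 0xAA
/* Stand-in for library B's function winning the symbol lookup: it
 * initialises the object according to its own layout. */
static void ctx_init_lib_b(void *p)
{
    int v = 2;
    memset(p, 0, sizeof(struct ctx_lib_b));
    memcpy((unsigned char *)p + offsetof(struct ctx_lib_b, version), &v, sizeof v);
}

/* Bytes written past the end of the object the caller allocated.
 * The arena is the caller's object followed by guard bytes. */
size_t bytes_clobbered(void)
{
    unsigned char arena[sizeof(struct ctx_lib_a) + sizeof(struct ctx_lib_b)];
    size_t i, n = 0;
    memset(arena, GUARD, sizeof arena);
    ctx_init_lib_b(arena);      /* caller believes this is library A's init */
    for (i = sizeof(struct ctx_lib_a); i < sizeof arena; i++)
        if (arena[i] != GUARD)
            n++;
    return n;
}

/* How far apart the two sides place the same named member. */
long key_offset_delta(void)
{
    return (long)offsetof(struct ctx_lib_b, key) - (long)offsetof(struct ctx_lib_a, key);
}

int main(void) {
    printf("clobbered=%zu key_delta=%ld\n", bytes_clobbered(), key_offset_delta());
    return 0;
}
```

Nothing in the call site changes between the two cases, which is why the mismatch compiles and links cleanly and only shows up as corrupted neighbouring memory or a key read from the wrong offset.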
