On Wed, 2020-12-30 at 09:08 +0100, Marcel Schilling wrote: > On Tue, Dec 29, 2020 at 11:31:32PM +0100, Michał Górny wrote: > > What I'm really missing in all the replies is a single reason why > > LibreSSL would be better for anyone. Not 'it's an alternative', not > > 'I don't trust' but a real proper, verifiable argument 'LibreSSL is > > better in this regard'. > > I guess that is due the fact that you dismiss arguments that are valid > reasons for others (incl. me) but apparently not sufficient for you, > like my situation where 'It works on all my systems, and switching would > mean work for me and at least a risk of downtimes'.
I don't dismiss that. If I had, I wouldn't be bothering with the whole discussion and just kill it. I just draw a different conclusion than you do. Having systems that do work with LibreSSL today doesn't guarantee the same for the foreseeable future. If anything, I prefer to ask the existing users to perform a conscious migration today, than wait till things become really unusable and more users are forced to migrate their systems without realizing the risks. It's all nice to say that LibreSSL will be usable in the near future but that's just plain lying. We're between LibreSSL upstream that explicitly rejects any idea of interoperability with OpenSSL, and other upstreams that plain reject the idea of bending their software to work with LibreSSL. I'm sorry to say but in my opinion LibreSSL's team attitude is to blame in the first place here. If someone forks something, deliberately breaks compatibility and then tries everyone to use his work, what else would you expect to happen? -- Best regards, Michał Górny