Re: [gentoo-dev] [RFC] Discontinuing LibreSSL support?
On Tue, Dec 29, 2020 at 11:31:32PM +0100, Michał Górny wrote: > What I'm really missing in all the replies is a single reason why > LibreSSL would be better for anyone. Not 'it's an alternative', not > 'I don't trust' but a real proper, verifiable argument 'LibreSSL is > better in this regard'. I guess that is due the fact that you dismiss arguments that are valid reasons for others (incl. me) but apparently not sufficient for you, like my situation where 'It works on all my systems, and switching would mean work for me and at least a risk of downtimes'. I understand that if security of OpenSSL is much better than LibreSSL (I have also not seen 'proof' of this, just 'more users mean better security per se', so I guess I should switch from Gentoo to Ubuntu for my desktops and CentOS for my servers if I care about security), I should switch back, but for me, not having to touch working systems is a valid reason to keep the system around. Since I can't contribute the work needed to keep it around, I'll have to live with the consequences of whatever the devs decide. And I will. Just don't expect me to pretend like you are doing me a favour. ;-) Best, Marcel
Re: [gentoo-dev] [RFC] Discontinuing LibreSSL support?
On Mon, Dec 28, 2020 at 11:33:36PM +0100, Michał Górny wrote: > On Mon, 2020-12-28 at 22:00 +, Peter Stuge wrote: > > Michał Górny wrote: > > > LibreSSL users, does LibreSSL today have any benefit over OpenSSL? > > > > Yes, at least two: > > > > A. It is a distinct implementation with probably /quite some/ stable > > compatibility, meaning that it will work perfectly fine as an > > alternative in many cases. > > Except that it doesn't, as has been proven numerous times. I just want to comment that I switched to LibreSSL on several Gentoo systems years ago and never had any major issues. I run both desktop and server systems with LibreSSL, based on X and Wayland. The only issues I ran into is a slight lag of the overlay behind the main tree so once in a while I had to mask a new version of some package for a week or so. So from a pure user perspective, thing change would mean a risky update to systems running stable for years with no gain whatsoever. So even if LibreSSL does not provide any advantage over OpenSSL (anymore), dropping support would do harm. That said, I do understand maintainer burden and I will probably be fine with such a change. But I have to say that over the last ten years, Gentoo does feel a lot less focussed on choice than it used to and I am counting the days until is deemed 'unpractical' to support legacy boot, non-systemd init or 'exotic' arches. ;-) Best, Marcel
Re: [gentoo-dev] GNU Guix
Dear William, dear Piotr, On Tue, Sep 29, 2020 at 08:58:01AM -0400, William Breathitt Gray wrote: > I think you're replying to a spam bot. That doesn't seem to be a real > person -- it's just grabbing a bunch of technical jargon and linking to > an adult video website. Thank you for letting me know and sorry for the bad mood I released here in response to this. Apologies to everyone. I was fooled. Today is not my day so I was easy to trigger. Sorry for the noise. On Tue, Sep 29, 2020 at 03:18:04PM +0200, Piotr Karbowski wrote: > On 29/09/2020 14.26, Cuckoo's Calling wrote: > > You are so naive and I couldn't stop laughing. > > I would appreciate it If you'd refrain from sending such messages to > mailing list, either go into details when you disagree with people or > don't reply at all. Those low level flexing is not welcome here. Thank you for 'coming to my defense' by standing up for good communication on Gentoo's channels. I regret jumping to conclusions and apologize for generalzing from a single user (real or not) to the community that I owe so much. Next time, I'll refrain from replying if I feel atacked. Thank you for your understanding. Kind regards, Marcel
Re: [gentoo-dev] GNU Guix
On Tue, Sep 29, 2020 at 12:26:22PM +, Cuckoo's Calling wrote: > You are so naive and I couldn't stop laughing. > > Did you even watch my presentation? > https://gnuguix-drive.mycozy.cloud/public?sharecode=YvERPGX14g5S Just for everyone else: My web browser is not supported by the platform this presentation was through. So I have no idea of its content and assumed this list is not bothering people with jokes. I stand by my opionion that GNU Guix is worth considering for some folks that enjoy Gentoo and now I have a another argument to have a look: In my experience, the GNU Guix community is very friendly and I doubt they'd alienate potential contributors that voluntarily subscribe to their mailing list by insults and public ridicule. Best, Marcel
Re: [gentoo-dev] GNU Guix
On Tue, Sep 29, 2020 at 11:32:53AM +, Cuckoo's Calling wrote: > I came across an amazing project called GNU Guix. In case any is interested in trying it out: I am successfully using Guix under Gentoo via this overlay: https://github.com/trofi/nix-guix-gentoo > Please leave me a feedback on your experience. IMHO, it is a great package manager, especially when being concerned about (bit-wise) reproducibility, 'slotting' various versions and fast movement with low risk (reversible upgrades). The one feature I miss compared to portage is the configuration via USE flags: One could patch Guix package definitions to add compile to flags etc, but you can't simply let the package manager resolve the dependencies for you. Cheers, Marcel
Re: [gentoo-dev] non conflicting libressl?
Hey Jason, I'd be surprised if anyone felt like having too much time at there hands to pick this up but I come from the other side (I use libressl and sometimes run into packages expecting openssl). One thing I was wondering is if there is something like slot support for virtuals that would allow most packages depending on any slot but others on a specific slot. Personally I don't have the knowledge to tackle a problem like this and rather keep on patching openssl-only ebuilds to work with libressl or miss out on packages/updates until somebody else get's to solving this. Best, Marcel On Wed, Jan 29, 2020 at 10:27:04AM +0100, Jason A. Donenfeld wrote: > Hey, > > For a long time now, OpenSMTPD stopped supporting OpenSSL, only > supporting LibreSSL. For that reason Gentoo's opensmtpd ebuild is > stuck on the 6.0 version. I'm not happy about this. > > It looks like other distros solve this by allowing libressl to install > its libraries to /usr/lib/libressl or similar, so that they can > coexist with openssl, allowing programs like OpenSMTPD. > > Any libressl developers interested in this sort of thing? > > Jason
