From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: libressl Date: Wed, 2 Mar 2016 14:15:04 -0500 Message-ID: <20160302191504.GB15618@jasmine> References: <20160302120317.6d8d12b9@scratchpost.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:41720) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abCEn-0007p2-Uq for guix-devel@gnu.org; Wed, 02 Mar 2016 14:15:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1abCEi-00054v-S1 for guix-devel@gnu.org; Wed, 02 Mar 2016 14:15:09 -0500 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:45847) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abCEi-00054E-M5 for guix-devel@gnu.org; Wed, 02 Mar 2016 14:15:04 -0500 Content-Disposition: inline In-Reply-To: <20160302120317.6d8d12b9@scratchpost.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Danny Milosavljevic Cc: guix-devel@gnu.org On Wed, Mar 02, 2016 at 12:03:17PM +0100, Danny Milosavljevic wrote: > Hi, > > with these openssl security problems lately that don't affect > libressl, wouldn't it be better to just use libressl as input > everywhere? For the non-removed API, it's compatible, and they merge > fixes from openssl anyway - and the attack surface is smaller. (the > ABI differs - so it's not advisable to just replace the openssl binary > without recompilation of the clients) If a Scheme wizard can programatically replace all references of openssl to libressl in the code base, I would be interested in testing it locally.