From mboxrd@z Thu Jan 1 00:00:00 1970 From: Danny Milosavljevic Subject: libressl Date: Wed, 2 Mar 2016 12:03:17 +0100 Message-ID: <20160302120317.6d8d12b9@scratchpost.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35162) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ab4Yv-0004ZI-6n for guix-devel@gnu.org; Wed, 02 Mar 2016 06:03:29 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ab4Ys-0003Jw-FK for guix-devel@gnu.org; Wed, 02 Mar 2016 06:03:25 -0500 Received: from dd1012.kasserver.com ([85.13.128.8]:49495) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ab4Ys-0003Ik-9d for guix-devel@gnu.org; Wed, 02 Mar 2016 06:03:22 -0500 Received: from localhost (178.165.130.70.wireless.dyn.drei.com [178.165.130.70]) by dd1012.kasserver.com (Postfix) with ESMTPSA id 67D7C1CA0111 for ; Wed, 2 Mar 2016 12:03:19 +0100 (CET) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org Hi, with these openssl security problems lately that don't affect libressl, wouldn't it be better to just use libressl as input everywhere? For the non-removed API, it's compatible, and they merge fixes from openssl anyway - and the attack surface is smaller. (the ABI differs - so it's not advisable to just replace the openssl binary without recompilation of the clients)