From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: libressl Date: Wed, 02 Mar 2016 22:33:33 +0100 Message-ID: <874mcoef9u.fsf@gnu.org> References: <20160302120317.6d8d12b9@scratchpost.org> <20160302191504.GB15618@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:47536) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1abEOp-0002Ci-FI for guix-devel@gnu.org; Wed, 02 Mar 2016 16:33:40 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1abEOm-0007OW-9K for guix-devel@gnu.org; Wed, 02 Mar 2016 16:33:39 -0500 In-Reply-To: <20160302191504.GB15618@jasmine> (Leo Famulari's message of "Wed, 2 Mar 2016 14:15:04 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Leo Famulari Cc: guix-devel@gnu.org Leo Famulari skribis: > On Wed, Mar 02, 2016 at 12:03:17PM +0100, Danny Milosavljevic wrote: >> Hi, >>=20 >> with these openssl security problems lately that don't affect >> libressl, wouldn't it be better to just use libressl as input >> everywhere? For the non-removed API, it's compatible, and they merge >> fixes from openssl anyway - and the attack surface is smaller. (the >> ABI differs - so it's not advisable to just replace the openssl binary >> without recompilation of the clients) > > If a Scheme wizard can programatically replace all references of openssl > to libressl in the code base, I would be interested in testing it > locally. You can also test with things like this (info "(guix) Package Transformation Options"): guix build --with-input=3Dopenssl=3Dlibressl something Ludo=E2=80=99.