Forgot your password?
typodupeerror
Encryption Security

First Release of LibreSSL Portable Is Available 101

Posted by Soulskill
from the cryptic-announcements dept.
ConstantineM writes: It has finally happened. Bob Beck of The OpenBSD Foundation has just announced that the first release of LibreSSL portable is now available, and can be found in the LibreSSL directory of your favourite OpenBSD mirror. libressl-2.0.0.tar.gz has been tested to build on various versions of Linux, Solaris, Mac OS X and FreeBSD. This is intended to be an initial portable release of OpenBSD's libressl to allow the community to start using it and providing feedback, and has been done to address the issue of incorrect portable versions being attempted by third-parties. Support for additional platforms will be added as time and resources permit.
This discussion has been archived. No new comments can be posted.

First Release of LibreSSL Portable Is Available

Comments Filter:
  • by Noryungi (70322) on Friday July 11, 2014 @05:28PM (#47434459) Homepage Journal

    in 3....2.......1............

    That was the goal from the vey beginning: make the code less horrible to get people involved and correct as much as possible.

    So, yes, they will find more problems. They expect that.

  • Re:Donate (Score:5, Insightful)

    by Noryungi (70322) on Friday July 11, 2014 @07:38PM (#47435445) Homepage Journal

    Oh boy, there is so much wrong here... Where to start?

    First of all, OpenSSL problems are not ''getting fixed''. Part of the problem is that funding for OpenSSL was primarily based on company XYZ sponsoring function ABC. This gave incentives to the OpenSSL devs to add more functionalities on top of the cruft, the horrible mess that was the code base. More funding equals more developpers equals more eyeballs, but we haven't seen the progress so far.

    Second of all, OpenBSD has given a HUGE amount of (BSD licensed) code to the rest of the world, Linux included. Try typing "ssh -V" on any Linux machine and I can guarantee you will get OpenSSH. And if you are like me, this is something you use EVERY. FREAKING. DAY. So please stop the trolling about OpenBSD, mmmmkay?

    Third, the amount of code that has been cleaned up, improved, deleted and just plain scrubbed is simply amazing. You can say whatever you want about OpenBSD cranky devs, they know their stuff and they know their way around C code.

    Fourth, OpenSSL is BSD/Apache licensed, and not GPL, so stop spouting off about supporting GPL software - not everything has to be blessed by Stallmann to be acceptable. And, yes, the Linux Foundation recognizes this - while you don't.

  • Re:Donate (Score:2, Insightful)

    by WaffleMonster (969671) on Friday July 11, 2014 @09:54PM (#47436075)

    First of all, OpenSSL problems are not ''getting fixed''.

    http://www.openssl.org/about/r... [openssl.org]

    Third, the amount of code that has been cleaned up, improved, deleted and just plain scrubbed is simply amazing. You can say whatever you want about OpenBSD cranky devs, they know their stuff and they know their way around C code.

    Nothing structural has changed.

    Heartbleed didn't arise from confusing seas of preprocessor macros or broken allocators we've been hearing so much about. It was allowed to happen because there were no structures in place mandating early data validation up front.

If I have not seen so far it is because I stood in giant's footsteps.

Working...