also, the OpenBSD foundation was already making LibreSSL because of other issues with OpenSSL before the Heartbeat exploit was even known about
]]>By saying "one" you are probably referring to You know what. But this way you're missing the point. It's not the You know what bug that makes people want to switch. Everyone knows bugs happen from time to time. It is expected that not only OpenSSL but also competiton and various other software still contains lots of critical ones. The reason of criticism towards OpenSSL and attempts to switch are devs' choices that led to You know what. Something that can't be fixed by applying a simple patch. Choices that should have never been done. This is the reason of all the rants the bug has spawned. Not the coder's mistake itself.
Nonetheless I have earlier expressed my dislike for idea to switch to another library. Even if this is a way to go, switching in haste smells.
]]>One problem with OpenSSL and people have got to fork it. I don't see the point.
Seems to mostly be emotional reaction, which as always is not particularly useful or interesting.
]]>http://www.linuxfoundation.org/news-med … -ibm-intel
The Core Infrastructure Initiative is a multi-million dollar project organized by The Linux Foundation to fund open source projects that are in the critical path for core computing and Internet functions. Galvanized by the Heartbleed OpenSSL crisis, the Initiative’s funds will be administered by The Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. Support from the initiative will include funding for fellowships for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support
But no, it should not replace OpenSSL. Maybe in the future, but I doubt.
]]>I don't trust people, who use Comic Sans.
This page scientifically designed to annoy web hipsters. Donate now to stop the Comic Sans and Blink Tags.
Everyone is free to become package maintainer in AUR. AUR allows users to vote on packages. For now I don't even see LibreSSL there, not mentioning any substantial number of votes.
It's not there because it is not ready for use. It will be months before it is even ready for use on OpenBSD, months after that it might be ported to Linux.
So this thread is about what color to paint a bikeshed that doesn't exist.
]]>OpenSSL devs did many mistakes. There is no doubt some of these were pretty serious and led to You know what. But switching libraries just because a major failure has happened recently is not a good idea. I would even say that time near such events is when no big decisions should be taken. Just let future unfold and see what it brings.
Everyone is free to become package maintainer in AUR. AUR allows users to vote on packages. For now I don't even see LibreSSL there, not mentioning any substantial number of votes.
]]>