Bink
Villains... knock off all that evil
join:2006-05-14
Colorado

2 edits

1 recommendation

Bink

Member

LibreSSL is Born (OpenSSL Gets the OpenBSD Treatment)

Surprised this hasn’t made it to this forum yet, but, in light of the Heartbleed issues, the OpenBSD developers are ripping apart the OpenSSL code and creating something that sucks less—hopefully a portable version of their work (a la OpenSSH) will be available for all to take advantage of soon.

More detail at »bsd-beta.slashdot.org/st ··· -openssl, »opensslrampage.org, »www.libressl.org, »www.tedunangst.com/flak/ ··· libressl and elsewhere…

Tirael
BOHICA
Premium Member
join:2009-03-18
Sacramento, CA

3 recommendations

Tirael

Premium Member

Great, so they are ripping out all the holes introduced by allowing NSA programmers to provide commits to their code. How nice.

TuxRaiderPen2
Make America Great Again
join:2009-09-19

TuxRaiderPen2 to Bink

Member

to Bink
I am not against ripping out w related stuff... but I take exception to

VMS ( OpenVMS)

Mac OS9 (not to be confused with the REAL OS9 which runs on Coco/Rainbows (or whatever those UK clones were called))

Rip anything you want out for supporting non VMS, Unix, Linux, BSD, Mac OS9.. which I am sure is related to my ill view ... but that other stuff, no way!

Yes I happen to have a box that runs OpenVMS for a very specific purpose. My own thrill of having a VMS machine! Same as some of the IBM stuff I've got running around too. Hell if I had the space, I'd probably have the real things!

BUT...

I can see this fracturing things... with *NIX, BSD, etc. going this way, and all the others left to OpenSSL, and if there are any incompatibilities... this could become a train wreck, and a cure worse than the disease. (Yes, train wrecks, disasters and anything of the sort that causes grief on non *NIX, BSD, VMS, system z, etc. is fine, ie: if it borq's up w great!)
Bink
Villains... knock off all that evil
join:2006-05-14
Colorado

Bink

Member

1. The whole point of ripping cruft out is to make it easier to audit the code. Yes, a small percentage of users will be temporarily affected, but this is mostly poorly written, ancient and unmaintained/unmaintainable code anyway.
2. They are maintaining API compatibility—so programs that rely on OpenSSL APIs continue to function.
3. Once the code is audited and sucks less, they will go back and add the necessary pieces to make the code portable again.
4. Their work is freely available—anyone can take what they’ve done and modify it to run on their OS/2 Warp systems (yes, they removed the code to support this OS) if they so desire.

All the above is well documented—you really don’t want to rely on poorly written security software and the team working on this doesn’t want to leave anyone heartbroken (or bled).

Rexter
Libertas, Aequitas, Veritas
join:2002-11-17
cloud 9

Rexter to TuxRaiderPen2

Member

to TuxRaiderPen2
said by TuxRaiderPen2:

(not to be confused with the REAL OS9 which runs on Coco/Rainbows (or whatever those UK clones were called))

Lol, uh.... Rainbow was the name of a computer magazine in the 80's dedicated to the TRS-80/CoCo.

But you're right though, OS9 was a Unix-like OS that fully utilized the power of the 1.5MHz 6809 processor's multitasking capability.

TuxRaiderPen2
Make America Great Again
join:2009-09-19

TuxRaiderPen2

Member

said by Rexter:
Lol, uh.... Rainbow was the name of a computer magazine in the 80's dedicated to the TRS-80/CoCo.
I remember having something Rainbow, and maybe that was it.. I probably still have them stacked in storage some place...

Spectrum was the Timex clones

Looks like Dragon was the clones from the UK.
said by Camelot One:
But you're right though, OS9 was a Unix-like OS that fully utilized the power of the 1.5MHz 6809 processor's multitasking capability.
Yeppers..and I fully utilized it....
TuxRaiderPen2

TuxRaiderPen2 to Bink

Member

to Bink
said by Bink:
1. The whole point of ripping cruft out is to make it easier to audit the code.
That may be a part or a large part of their goal, but it is clear that there is an OS war or anti OS portion to this... Which I agree with, but not in re VMS, Mac OS9, OS/2...bluntly if you want to rip out anything and all things w virus I will cheer loudly for it.... Others not so much, or all, and possibly even bring my own tar, feathers, torches, pitchforks etc. to the party. You're right, and most here know, my anti ms/w stance period. Like it or not, there is still tons of stuff on VMS, system/360/390, system z... want some examples... Lowes, Publix and just about any other grocer on the planet, or retailer... Target, walscum, all have huge backends relying on 360/390/z. Hell they even have z setups to run Linux with support from IBM.

I really don't care what they do, because I have a funny feeling that BSD will go their way, Debian and probably the rest of Linux will fork another way, possibly and probably from the BSD fork. The odd man out of the bunch is going to be w, and if that means it gets passed over so be it, GREAT!

w and security are oxymorons, like jumbo shrimp.

I am not against them cleaning things up, but I think some of their pruning ie: VMS, OS/2 is damaging to the tree as a whole.
Bink
Villains... knock off all that evil
join:2006-05-14
Colorado

Bink

Member

said by TuxRaiderPen2:

That may be a part or a large part of their goal, but it is clear that there is an OS war or anti OS portion to this...

This is not the case. They are developing LibreSSL the same way they developed OpenSSH—it’s optimized for their platform and then it is made portable for other OSs—see »www.openssh.com/portable.html for details.
Shady Bimmer
Premium Member
join:2001-12-03

Shady Bimmer to TuxRaiderPen2

Premium Member

to TuxRaiderPen2
said by TuxRaiderPen2:

That may be a part or a large part of their goal, but it is clear that there is an OS war or anti OS portion to this...

It is not clear to me. . .where is the evidence of such?

This is the nature of open source. Forks happen and development continues.

There is nothing to prevent other platforms from continuing to leverage their existing implementations, such as openssl. There is also nothing here that would prevent someone else from implementing their own port of libressl to one or more of these platforms.

For what it is worth there are at least five other SSL implementations already used in addition to openssl. There is already divergence but where is it written that every solution that uses SSL must use the same implementation exactly?

Salty_Peaks
@as54203.net

1 recommendation

Salty_Peaks to Bink

Anon

to Bink
said by Bink:

said by TuxRaiderPen2:

That may be a part or a large part of their goal, but it is clear that there is an OS war or anti OS portion to this...

This is not the case. They are developing LibreSSL the same way they developed OpenSSH—it’s optimized for their platform and then it is made portable for other OSs—see »www.openssh.com/portable.html for details.

Good. Many things are clear; folks took an assumptive stance around OpenSSL adoption (if it's FOSS, it's secure). Adoption rates of OpenSSL over GNUTLS are obvious. OpenSSH is fantastic, secure, and has a long history (aside from Debian's RNG issues) of being secure in sane configurations.

I'm a GNU/Linux guy and I welcome this community-beneficial code review. I think it's time we play Matryoshka dolls again and knock off the trust around data in transit and go back to GPGing data at rest. Let 'em MiTM/MiTB; too bad you're dealing with GPG encrypted data.