openssl vs. libressl

[Ryan Schmidt]

On Nov 11, 2015, at 11:00 AM, woods.w at gmail.com wrote:

> On Nov 11, 2015, at 10:54 AM, Brandon Allbery wrote:
>> 
>> On Wed, Nov 11, 2015 at 11:52 AM, <woods.w at gmail.com> wrote:
>> I don’t believe a “better license” should be the dictating factor, I believe what should dictate what is included is what has better functionality. This is politics, and TBH is not a technical reason for inclusion or exclusion. TBH, I believe the only dictating factor should be technical, what does the job best, period. Everything else is ancillary. Something could have a much better license and be total crap.
>> 
>> For many people, being able to get binary archives instead of always having to build from source is rather more than just "politics".
> 
> I agree, but “better license” has nothing to do with that, does it ? My point is we should look at the best technical solution, and THAT should be the only factor. Anything else is ancillary.

Having a better license is a valid justification in MacPorts for switching to a different dependency, where "better" would in this case mean "is compatible with binary distribution".

As one recent example of a change I made, I removed poppler support from the default build of graphviz in r138202 because the poppler license was incompatible with binary distribution of graphviz. The benefit of doing this is that users who don't need poppler support in graphviz will now be able to get a binary of graphviz instead of having to build it from source. Many users want this convenience. Those users who require poppler support in graphviz can use the +poppler variant.

Both openssl and libressl are licensed under the same licenses: OpenSSL and SSLeay. This makes sense since libressl is a fork of openssl. So unfortunately libressl does not have a better license than openssl so that is not a deciding factor for switching from openssl to libressl.