openssl vs. libressl

Dominik Reichardt domiman at gmail.com
Fri Nov 13 02:39:42 PST 2015


> On 13.11.2015, at 11:16, René J.V. Bertin <rjvbertin at gmail.com> wrote:
> 
> On Friday November 13 2015 10:45:32 Dominik Reichardt wrote:
> 
>> from www.libressl.org:
>> 
>> "LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.”
>> 
>> so, no rewrite.
> 
> I didn't say it was a complete rewrite, but do you see any other way to achieve the above goals without any rewriting? ;)
> 

"AFAIK it's a rewrite (has to be, to avoid licensing/copyright issues) that aims to be API compatible.”

When talking about code, you should be more precise to differ between a fork and rewrite.
Since it’s a fork, libressl has to have the same license as openssl. Libressl forked OpenSSL 1.0.1g and then threw out code. Of course they are rewriting stuff then, after all it’s a fork, not a mirror. But describing it as a rewrite is highly misleading, IMO.





More information about the macports-users mailing list