undefined | Better HN

0 pointstedunangst11y ago0 comments

Auditing and fixing the original still improves LibreSSL, although one of the main goals of LibreSSL was to clean things up to make that easier.

Last LibreSSL release was 2.1.4 last week, although a minor update should be coming soon. http://marc.info/?l=openbsd-announce&m=142543818707898&w=2

LibreSSL is going to track OpenBSD versions, so now that OpenBSD 5.7 is done, the LibreSSL 2.1.x series is done (except to receive patches). At some point a 2.2 release will be made, corresponding to new developments.

0 comments

5 comments · 2 top-level

nailer11y ago· 3 in thread

libressl's binary is already half the size of openssl. I wonder if the audit is re-doing existing work to some extent.

Alupis11y ago

> libressl's binary is already half the size of openssl

What does binary size have to do with quality?

OpenSSL has been around for a long time, and still is the standard for most deployments. It will take a long time before LibreSSL has been proven enough to become the standard for anything outside the BSD community.

For as nasty as the OpenSSL code appears to be, it sure did work (and worked well) for a long time.

Remember, OpenSSL really only had 1 developer and only received around $2,000 a year in donations prior to Heartbleed[1] (which is grossly pathetic for such a critical piece of software).

If those numbers had been tenfold or more, perhaps the bugs that led to Heartbleed may have been found and fixed long before they were an issue.

Thankfully the Linux Foundation and the Core Infrastructure Initiative are aiming to remedy this.

[1] http://arstechnica.com/information-technology/2014/04/tech-g...

green7ea11y ago

> What does binary size have to do with quality?

I think grandparent meant that binary size is related to code size. The number of bugs being related to the number of lines of code, you could infer that a bigger binary means more lines of code which means more bugs. In my experience, this tends to be true. Of course this makes the big assumption that the binaries have been compiled with similar compilers using similar optimizations and are both stripped.

nailer11y ago

> What does binary size have to do with quality?

Do OS/2, 16 bit Windows, and Data General Unix support indicate quality to you?

http://opensslrampage.org/

1 more reply

hackuser11y ago

Thanks. Did OpenBSD get the funding they sought for LibreSSL? How mature is it at this point? I see it's included (?) with OpenBSD, which is a good sign.

j / k navigate · click thread line to collapse