Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.

OpenBSD Developers Fork OpenSSL, Create LibreSSL

posted by janrinok on Wednesday April 23 2014, @12:36PM   Printer-friendly
from the introducing-more-bugs-than-it-cures? dept.

Both _NSAKEY and Bob The Cowboy write to tell us of the forking of OpenSSL to create LibreSSL:

Ars Technica has a story about the effort of some OpenBSD developers to clean up the OpenSSL codebase as part of a fork they've named LibreSSL. From the article:

The decision to fork OpenSSL is bound to be controversial given that OpenSSL powers hundreds of thousands of Web servers. When asked why he wanted to start over instead of helping to make OpenSSL better, de Raadt said the existing code is too much of a mess. "Our group removed half of the OpenSSL source tree in a week. It was discarded leftovers," de Raadt told Ars in an e-mail. "The Open Source model depends [on] people being able to read the code. It depends on clarity. That is not a clear code base, because their community does not appear to care about clarity. Obviously, when such cruft builds up, there is a cultural gap. I did not make this decision... in our larger development group, it made itself."

When asked what he meant by OpenSSL containing "discarded leftovers," de Raadt said there were "Thousands of lines of VMS support. Thousands of lines of ancient WIN32 support. Nowadays, Windows has POSIX-like APIs and does not need something special for sockets. Thousands of lines of FIPS support, which downgrade ciphers almost automatically." There were also "thousands of lines of APIs that the OpenSSL group intended to deprecate 12 years or so ago and [are] still left alone."

De Raadt told ZDNet that his team has removed 90,000 lines of C code. "Even after all those changes, the codebase is still API compatible," he said. "Our entire ports tree (8,700 applications) continue to compile and work after all these changes."

 
This discussion has been archived. No new comments can be posted.
OpenBSD Developers Fork OpenSSL, Create LibreSSL | Log In/Create an Account | Top | 52 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by Thexalon on Wednesday April 23 2014, @01:40PM

    by Thexalon (636) on Wednesday April 23 2014, @01:40PM (#34865)

    meant to be depreciated

    Sorry to be a spelling Nazi, but there's a big difference between "depreciated" (the lowering financial value of a capital good due to wear-and-tear) and "deprecated" (a feature that should not be used anymore because there's a better feature available).

    Among other things, "depreciated" implies that software falls apart over time, while "deprecated" implies that we find better ways to do things and that' why we're getting rid of the old process.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 1) by fnj on Wednesday April 23 2014, @04:39PM

    by fnj (1654) on Wednesday April 23 2014, @04:39PM (#34984)

    Truly illiteracy is a terrible thing. Don't be sorry.