Packages

  • Status Deferred
  • Percent Complete
    0%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    Márcio Silva
    André Silva
  • Operating System All
  • Severity Critical
  • Priority Defer
  • Reported Version Any
  • Due in Version Milky Way v0.3
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by André Silva - 11/01/2018
Last edited by André Silva - 21/09/2018

FS#191 - [libressl] add package as OpenSSL replacement and default provider of SSL/TLS for Hyperbola Project

LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.

It was forked from the OpenSSL in April 2014 as a response by OpenBSD developers to the Heartbleed security vulnerability in OpenSSL, [4] [5] [6] [7] with the aim of refactoring the OpenSSL code so as to provide a more secure implementation. [8]

As LibreSSL follow the same goals than Hyperbola Packaging Guidelines in stability and security concerns, it should be the default provider of SSL and TLS protocols for Hyperbola Project.

winter commented on 11.01.2018 20:23

Now this is awesome. Thank you for moving to LibreSSL. Hyperbola will be the second gnu/linux distro to move to LibreSSL I believe. The first is voidlinux

I absolutely support this decision. :)

winter commented on 11.01.2018 20:29

Although, Hyperbola will be the first fully free software distro to do so. :)

I await seeing Hyperbola on the list of fully free distros.

winter commented on 15.01.2018 03:06

hmm it appears I may be wrong? I think guixsd uses it already. Still though, its a good thing to switch to. :)

Admin
André Silva commented on 15.01.2018 15:44

GuixSD contains OpenSSL (1.1.0g and 1.0.2n) and LibreSSL in their repositories, therefore LibreSSL is a selectable provider of TLS for that distro.

Our case is different than GuixSD since LibreSSL will be used by default and OpenSSL will be blacklisted like Alpine, Void, OpenBSD, Dragonfly, HardenedBSD, Morpheus, OpenELEC and TrueOS are doing currently. [0]

winter commented on 16.01.2018 11:56

Interesting, Then I guess Hyperbola will be the first gnu/linux distro to have LibreSSL by default.

:)

winter commented on 01.05.2018 16:58

Actually what I meant was the first GNU/Linux distro that is free software to have LibreSSL by default. :)

winter commented on 01.05.2018 16:59

ps, I look forward to 3.0 very much for this reason. :)

winter commented on 01.05.2018 16:59

whoops, I mean 0.3 xD

fablamar commented on 11.05.2018 21:41

Hello,

How is the integration of LibreSSL progressing ?

I wish you best lads ;)

winter commented on 16.05.2018 14:29

I am curious as well. I look forward to this.

Admin
André Silva commented on 16.05.2018 14:51

For now, our build server is under maintenance by coadde yet. It needs some required configurations such as increase SSH security, certification and improve Xen hypervisor structure + virtual machines + chroots.
Then, when it will be ready, i will begin with Milky Way v0.3 development + LibreSSL :)

winter commented on 16.05.2018 20:35

Okay, when do you think it will be ready even in development? And from then, when do you think it will be completely ready for stable. Just wondering...

winter commented on 16.05.2018 20:35

ps, Virtual machines are what I would use to see how libressl is doing. :)

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing