Slashdot Mirror


Not Just a Cleanup Any More: LibreSSL Project Announced

An anonymous reader writes "As some of you may know, the OpenBSD team has started cleaning up the OpenSSL code base. LibreSSL is primarily developed by the OpenBSD Project, and its first inclusion into an operating system will be in OpenBSD 5.6. In the wake of Heartbleed, the OpenBSD group is creating a simpler, cleaner version of the dominant OpenSSL. Theo de Raadt, founder and leader of OpenBSD and OpenSSH, tells ZDNet that the project has already removed 90,000 lines of C code and 150,000 lines of content. The project further promises multi-OS support once they have proper funding and the right portability team in place. Please consider donating to support LibreSSL via the OpenBSD foundation."

9 of 360 comments

  1. Re:Please change the name! by TheGratefulNet · · Score: 4, Funny

    libwressle.so - will be here, sunday, Sunday, SUNDAY!!

    --
    "It is now safe to switch off your computer."
  2. Re:Graphic design geniuses too by Anonymous Coward · · Score: 5, Informative

    There's something at the bottom of the page.

    "This page scientifically designed to annoy web hipsters. Donate now to stop the Comic Sans and Blink Tags"

  3. Re:Graphic design geniuses too by Missing.Matter · · Score: 4, Insightful

    Typefaces by their nature are designed to convey specific emotions. It's the whole reason we don't simply convey written information in one fixed typeface; some are more appropriate than others given the situation.

    Comic Sans in particular is designed to imitate comic book lettering. It's not particularly professional. In the wake of the OpenSSL bug, many people were questioning open source in general, saying (not rightfully, but saying nonetheless) that the Heartbleed bug was caused by a bunch of amateur volunteers. i.e. open source is not developed by professionals. Comic Sans doesn't exactly inspire confidence for people who now view the open source development model as dubious.

  4. Re:Please don't by Kardos · · Score: 5, Insightful

    It's not a bad idea. OpenSSL has become unwieldy, which has been known for quite some time. A major refactoring is long overdue. Does it matter if the project changes name? OpenSSL 2.0 or LibreSSL - what's the difference? The OpenSSL guys don't have the resources/time/funding/whatever to do it, and the OpenBSD guys apparently do.

    > Even after all those changes, the codebase is still API compatible.

    It's going to be a drop-in replacement for OpenSSL. Same idea as the MariaDB fork of MySQL. Where is the "bad idea" here?

  5. Get it FIPS certified by sinij · · Score: 5, Insightful

    The key reason OpenSSL is so popular in the US is because the project is on top of FIPS certifications. LibreSSL might cure cancer, but very few system integrators will use it unless it has a certified module.

    1. Re:Get it FIPS certified by BitZtream · · Score: 4, Informative

      Having gone through the certification process myself, people that think that are stupid, paranoid idiots. The certification process is entirely based on finding and fixing known flaws in the encryption process, nothing I saw would indicate any kind of weakening.

      Of course, it's entirely possible that the NSA was aware that my code was insecure and just didn't request any changes to make it weaker, but the certification process certainly didn't make that apparent.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  6. Re:Please change the name! by ThePhilips · · Score: 4, Insightful

    What is with this reaction of Americans to the French/Latin word "libre"?

    --
    All hope abandon ye who enter here.
  7. Re:Libre is the new Open by Anonymous Coward · · Score: 5, Funny

    SSSL - Secure SSL

  8. Re:Or.. by serviscope_minor · · Score: 4, Insightful

    > My point is that it costs less in labor to rewrite OpenSSL cleaned-up but OpenBSD only without consideration for other OSes than it does to rewrite OpenSSL with no such consideration. Then, when you go back and fix the now-broken OpenSSL rewrite (LibreSSL), you add more than the difference in that labor: it requires more overall effort to do this one-and-a-half times than to do it right once.

    Well, the OpenBSD people disagree with you. You also forgot the auditing of the code that they're going to be doing once it's fixed. Much easier on a clean codebase.

    > They're not giving everyone a rewritten OpenSSL; they're giving everyone the concept of a rewritten OpenSSL, which you can put into use on OpenBSD, or you can apply your own effort or apply money to OpenBSD to get written to work on Linux/FreeBSD/Windows.

    So they're building something they need for themselves personally, but are generous to make it available to everyone should anyone else need it. And they'll even let you freely modify it if it doesn't fit your needs! Not only that but if your mods are of no benefit to them but cleanly written and useful to others, they'll even go out of their way to include them in their project. What nice people. I think they should be applauded for their philanthropy.

    They do sound like awfully nice people to me.

    It's really a shame that there are so many people on the internet who complain that they're not spending even more time and even more effort to give more away for free. But there you go: some people just have a sense of entitlement out of all proportion.

    --
    SJW n. One who posts facts.