This is the
talk page for discussing improvements to the
LibreSSL article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google ( books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
This article is rated Start-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
There is no working code yet and the userbase is practically zero, so, just as MinGW-w64 and libjpeg-turbo do not have their own articles (and they each have quite a respectable userbase), I think this article should be merged into OpenSSL. X-Fi6 ( talk) 01:56, 24 April 2014 (UTC)
I notice that the page was renamed LibReSSL. I see that the latest posting by Theo uses that form of camel casing, as does the post in OpenSSL Valhalla Rampage. Doesn't look like other sources have yet though from quickly scanning news articles about the BoringSSL fork. Is there an official announcement about the name change? If so we might want to mention it explicitly in the article. PaleAqua ( talk) 06:14, 22 June 2014 (UTC)
I noticed today with the release of the first portable version (2.0.0) of LibreSSL that they use LibreSSL under their new logo and everywhere on their homepage. [1] Tamer ( talk) 22:19, 11 July 2014 (UTC)
References
I've tried to be unpartial in how to count vulnerabilities in both LibreSSL and OpenSSL, but it seems people are reverting it because they don't like the numbers. I've counted something as affected if a released version was affected by it at some point. That means that if they make a release during an embargo to remove the code that they were affected. It also means that if it was fixed a year ago but the security status of it was unknown at the time it's counted. Kurt Roeckx ( talk) 14:21, 7 June 2016 (UTC)
Much of the article reads like a pissing match - as best that crypto nerds can do so - to show that LibreSSL is superior to OpenSSL. Does the article really need a section and iteration of each and every bug and release OpenSSL has announced over the last two and a half years since LibreSSL went live? This is supposed to be an encylopaedic article. What I see from the majority of section 3 is that LibreSSL has been 'victim' to its share of vulnerabilities, even with the vaunted rewrite that would ostensibly minimize/mitigate it. Little of this is informative to the average reader - such excruciating details are better found in direct sources rather than in a place where naughty kids can alter the information as desired, where it can remain unchallenged for random intervals.
I've no axe to grind here - OpenSSL is part of the default installation for my systems, and if LibreSSL were to be chosen by the maintainers to replace it, I'd just accept the maintainer's choices. The tone just strikes me as both peacocky and argumentative. My perception could absolutely be wrong - I just wonder if there are other editors who share that perception, and if so, how to address it in the article. Anastrophe ( talk) 19:07, 26 January 2017 (UTC)
I note a few things: 1) macOS is the only entry under "Adoption" that lists any sort of "since <version>"; 2) older versions of macOS have LibreSSL installed as the default OpenSSL, although this may be due to security updates and not necessarily true for the original release; 3) the version number cited for macOS "needs citation"; So, what's the proper next step? Should the version number be dropped since it's misleading, without citation, potentially wrong, and apparently not necessary for any of the other systems listed? Should it be updated to be correct? What's the definition of "correct"? If a macOS release has LibreSSL currently, with all security updates applied, should the oldest macOS be listed? Finally, regarding a citation, is there any source out there which perhaps has the answer so we can just settle the question? Sorry for all the questions. I'm tempted to make a correction and leave the "needs citation" mark, but I don't know what constitutes "original research" BrianWilloughby ( talk) 00:02, 7 June 2020 (UTC)
This is the
talk page for discussing improvements to the
LibreSSL article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google ( books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
This article is rated Start-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
There is no working code yet and the userbase is practically zero, so, just as MinGW-w64 and libjpeg-turbo do not have their own articles (and they each have quite a respectable userbase), I think this article should be merged into OpenSSL. X-Fi6 ( talk) 01:56, 24 April 2014 (UTC)
I notice that the page was renamed LibReSSL. I see that the latest posting by Theo uses that form of camel casing, as does the post in OpenSSL Valhalla Rampage. Doesn't look like other sources have yet though from quickly scanning news articles about the BoringSSL fork. Is there an official announcement about the name change? If so we might want to mention it explicitly in the article. PaleAqua ( talk) 06:14, 22 June 2014 (UTC)
I noticed today with the release of the first portable version (2.0.0) of LibreSSL that they use LibreSSL under their new logo and everywhere on their homepage. [1] Tamer ( talk) 22:19, 11 July 2014 (UTC)
References
I've tried to be unpartial in how to count vulnerabilities in both LibreSSL and OpenSSL, but it seems people are reverting it because they don't like the numbers. I've counted something as affected if a released version was affected by it at some point. That means that if they make a release during an embargo to remove the code that they were affected. It also means that if it was fixed a year ago but the security status of it was unknown at the time it's counted. Kurt Roeckx ( talk) 14:21, 7 June 2016 (UTC)
Much of the article reads like a pissing match - as best that crypto nerds can do so - to show that LibreSSL is superior to OpenSSL. Does the article really need a section and iteration of each and every bug and release OpenSSL has announced over the last two and a half years since LibreSSL went live? This is supposed to be an encylopaedic article. What I see from the majority of section 3 is that LibreSSL has been 'victim' to its share of vulnerabilities, even with the vaunted rewrite that would ostensibly minimize/mitigate it. Little of this is informative to the average reader - such excruciating details are better found in direct sources rather than in a place where naughty kids can alter the information as desired, where it can remain unchallenged for random intervals.
I've no axe to grind here - OpenSSL is part of the default installation for my systems, and if LibreSSL were to be chosen by the maintainers to replace it, I'd just accept the maintainer's choices. The tone just strikes me as both peacocky and argumentative. My perception could absolutely be wrong - I just wonder if there are other editors who share that perception, and if so, how to address it in the article. Anastrophe ( talk) 19:07, 26 January 2017 (UTC)
I note a few things: 1) macOS is the only entry under "Adoption" that lists any sort of "since <version>"; 2) older versions of macOS have LibreSSL installed as the default OpenSSL, although this may be due to security updates and not necessarily true for the original release; 3) the version number cited for macOS "needs citation"; So, what's the proper next step? Should the version number be dropped since it's misleading, without citation, potentially wrong, and apparently not necessary for any of the other systems listed? Should it be updated to be correct? What's the definition of "correct"? If a macOS release has LibreSSL currently, with all security updates applied, should the oldest macOS be listed? Finally, regarding a citation, is there any source out there which perhaps has the answer so we can just settle the question? Sorry for all the questions. I'm tempted to make a correction and leave the "needs citation" mark, but I don't know what constitutes "original research" BrianWilloughby ( talk) 00:02, 7 June 2020 (UTC)