[treebeard901]

I tend to agree, maybe with one exception. Would the end result of a LibreSSL refactor introduce more bugs than leaving the current process in place (with improvements)? It seems like we can't know the answer to that question until it happens so speaking definitively about either option becomes questionable.

[kbenson]

Definitively, no, but the lack of of a definitive (or even likely) answer still makes the it a poor choice, if not in the sense of "wrong" than in the sense of "this is something that needs to be figured out based on your goals, and until you do choices based on this will not be grounded on fact" so it's poor in that it's not well grounded.

That said, the relatively poor history of OpenSSL and the relatively high quality of software that comes out of the OpenBSD project leads me to think I know what the likely outcome of refactoring code is in this particular scenario.

[treebeard901]

That is certainly true and perhaps another advantage exists from a refactor of LibreSSL: Finding unknown bugs in OpenSSL that may only be revealed during refactoring.