by pnako 2250 days ago
The few who switched to LibreSSL actually switched back to OpenSSL (Alpine, HardenedBSD).

Void is considering switching back too: https://github.com/void-linux/void-packages/issues/20935

Their logic is a bit weird to me. I would definitely choose a fork from professionals that re-write everything with a security perspective over a bad library trying to be hardened.
The Void conundrum is that most software does not support LibreSSL's APIs, and that is especially rough because Void is rolling release. OpenBSD does not write patches for the latest Qt release, so people with little crypto experience have to write those patches.
Which is a bizarre statement, all ports development happens on the OpenBSD -current branch, which is effectively a rolling release for developers/users running snapshots.

All of those projects that switched were simply expecting LibreSSL/OpenBSD to upstream support, when it hasn't got nearly the same numbers of developers.

Also, there were other problems with updating Qt on OpenBSD, but that was resolved. It is maintained by a single developer.

https://marc.info/?l=openbsd-ports-cvs&m=158411843726544&w=2

>rolling release for developers/users running snapshots

Well Void is far more on edge than OpenBSD -current.

>there were other problems with updating Qt on OpenBSD, but that was resolved

They are still trailing us.

https://github.com/void-linux/void-packages/pull/15310

LibreSSL did not rewrite everything... Look at the code, most of it's identical to what's in OpenSSL. It's a fork, not a rewrite.