After the HeartBleedGate and the rivers of characters written about the case, that stubborn bunch that are the OpenBSD developers, led by Theo de Raadt, said, "We're going to make our own OpenSSL, with games of chance and sluts." But since the funding does not stretch to gambling and sluts, they were left with only the fork of OpenSSL, which they will call LibreSSL and which will initially be for OpenBSD 5.6 and, if all goes well, for other POSIX systems, including of course Linux.
Indeed, Ted Unangst, an OpenBSD developer, mentions that Heartbleed was just one of several catastrophic OpenSSL bugs per year and that this bug was not a reason to fork. The bug that Ted focuses on (the one that would end up causing the fork) has to do with OpenSSL's internal freelists and the fact that nginx doesn't work without those freelists. But the worst part was the lack of response from OpenSSL, since this bug already has a proposed patch and they have not applied it yet. That patch has gone a year without being included; OpenSSL, OpenBSD, and Debian have patched it themselves. If the OpenSSL developers would not apply the patch, there was even less chance of convincing them to withdraw their support for Visual C++ 5.0 (C programmers can laugh at these examples).
So they have gotten rid of about 150 thousand lines of code and counting, especially after removing support for VMS, an abominable closed server operating system that Hewlett Packard maintains. It is like comparing X to Wayland.
Meanwhile, I leave you with the site OpenSSL Valhalla Rampage, with the gallery of horrors that the OpenBSD folks are trying to correct.
Thanks to these forks, software like LibreOffice and MariaDB have had their preference (in Slackware, they have replaced MySQL with MariaDB, and in most distros, they have all replaced their OpenOffice with LibreOffice).
But those forks happened because they did not want to suffer the same fate as OpenSolaris at the hands of a new "owner"; it was a case of imperative need, and the majority quickly supported the alternative (who in fact are its creators but under another name). This smacks more of the folks at OpenBSD (with Theo "Linux is for Losers" de Raadt at the helm) not being happy that their changes were not included. For that reason there are FreeBSD, NetBSD, and OpenBSD.
I agree with you 100%. You don't have to be so extreme, or a fanboy.
Sorry, all I could think of was "Nikzon, for hemorrhoids."
Apparently they included the controversial patch today.
https://rt.openssl.org/Ticket/Display.html?id=2167#txn-39826
As Felipe, Mafalda's friend, said:
"The will must be the only thing that, when deflated, needs to be pricked."
I don't understand the rant about this fork; after all, this is how the open source community works, with forks and merges. On the contrary, I find it laudable that they decided to make such a large package.
I am not an expert in OpenSSL, but according to the three points mentioned by Diazepan, that is, "Support for a completely closed system" (VMS), "Outdated code" (Visual C++ 5.0) and "Lack of support", it seems to me that it could not have been otherwise.
And yes, I said lack of support, that the aforementioned patch was included today, it does not mean that it was more than a year on the request lists. The fact that OpenBSD, which is one of the most stable systems out there, not only because it is OpenBSD, but also because it is BSD, and Debian have included it in their repositories indicates that it was not an experimental patch, but stable.
Unfortunately, the Linux Foundation does not see it that way and allocated money for OpenSSL, which, from my point of view, is a mistake; they should support LibreSSL, something that starts almost from zero, starting the bad habits of OpenSSL, such as the example of malloc.