We’re no longer using our old ftp, rsync, and git links for distributing OpenSSL. These were great in their day, but it’s time to move on to something better and safer. ftp://ftp.openssl.org and rsync://rsync.openssl.org are not available anymore. As of June 1, 2024, we’re also going to shut down https://ftp.openssl.org and git://git.openssl.org/openssl.git mirrors.
GitHub is becoming the main distributor of the OpenSSL releases.
You must log in or # to comment.
What the absolute fuck…
That’s a pretty bad idea. I highly recommend this awesome write-up by Software Freedom Conservancy: Give Up GitHub!
Considering the absolutely devastating performance hits 3.x brings (and the apparent design failures that make it extremely difficult if not impossible to reclaim it) I wonder if openssl’s days are numbered. WolfSSL seems to be favorable to the HAProxy team. Hopefully that can get some traction.
Good that you mention WolfSSL and that HAProxy team seems to like it. Years ago some Linux distributions made the switch to LibreSSL, but unfortunately that all (?) seems to have failed.
Federated Forgejo seems ideal.
Fuck that… I guess we really should go with LibreSSL after all.
Speaking of, what is its current working state?
I’ll take anything that has a compatible command line and library to be honest
Except ffmpeg/libav. I will always want the real ffmpeg 😤
I’ve also seen WolfSSL mentioned, which is HAProxy’s go-to. I haven’t played with it in depth myself though.
I doubt many of the commentators here used any of the deprecated methods to contribute to openssl.
It’s one thing to talk about what’s good for open source, it’s quite another to practice it.
I doubt many commenters here have used a wheelchair ramp to access a public building. Guess we should just remove all those ramps since that accessibility doesn’t affect them. The barrier to entry for setting up a wheel chair ramp is more expensive than offering at least one non-corporate code contribution method.
Your analogy would fit if the deprecated methods didn’t have a higher barrier to entry than using GitHub.
This is less like removing the wheelchair ramps and more like removing the steps at the back of the building.
Maybe. Maybe if the back steps required an account with a US-based service owned by a publicly-traded megacorporation that is collecting your data as per the ToS just to enter. That’s a helluva barrier that should never be expected for free software.
And yet no actual contributor to openssl is losing sleep over this.
Weird and worrying choice
I think a lot of people here read the headine and think OpenSSL is moving everything to github and giving up everything else. It is not. They only moved the means of distributing the release tarball to github and stopped supporting the ftp and rsync. Do not confuse distribution and contribution/development.
