http://arstechnica.com/security/2014/06/google-unveils-independent-fork-of-openssl-called-boringssl/ https://boringssl.googlesource.com/boringssl/
@Agostino What's the status on this. Are we planning on supporting boringssl? According to this page: https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md It doesn't look like it's a good idea. > Note: BoringSSL does not have a stable API or ABI. It must be updated with its consumers. It is not suitable for, say, a system library in a traditional Linux distribution. Should we close this? I looked into building it at one point, and it onlyy creates static libraries (though I suppose we could patch it and then force it to work with all OpenSSL-dependent packages).
Boringssl now has an option to build shared libraries. If we want this in the tree, we just need to fix the install phase. I can write an ebuild..
If you want to proxy-maintain it, it is fine.
Upstream still recommends to bundle specific boringssl version with program and depend on specific commit. So while may be it's possible to build shared library I don't see how we could use it at the moment. So I think until anything in tree depends on this library we don't need it. And hey, Aric, I found your overlay: https://github.com/lluixhi/gentoo-boringssl :) Was it really worth efforts? Currently I've played with grpcio, that depends on boringssl. As expected grpcio depends on specific commit and otherwise it won't work. Also grpcio needed sources not shared library, so I have not tried your ebuild.
Google is now more specific about the target audience: > BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. > > Although BoringSSL is an open source project, it is not intended for general > use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing > so is likely to be frustrating because there are no guarantees of API or ABI > stability. Source: https://boringssl.googlesource.com/boringssl/
(In reply to Dennis Schridde from comment #5) > Google is now more specific about the target audience: > > > BoringSSL is a fork of OpenSSL that is designed to meet Google's needs. > > > > Although BoringSSL is an open source project, it is not intended for general > > use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing > > so is likely to be frustrating because there are no guarantees of API or ABI > > stability. > > Source: https://boringssl.googlesource.com/boringssl/ And hence WONTFIX. They're very clear about folks not using it nowadays.