From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham
	autolearn_force=no version=3.4.4
Received: (qmail 29601 invoked from network); 26 Feb 2021 10:34:17 -0000
Received: from 1ess.inri.net (216.126.196.35)
  by inbox.vuxu.org with ESMTPUTF8; 26 Feb 2021 10:34:17 -0000
Received: from duke.felloff.net ([216.126.196.34]) by 1ess; Fri Feb 26 05:28:55 -0500 2021
Message-ID: <F8FB8C3F2E63856128599BD4704412F7@felloff.net>
Date: Fri, 26 Feb 2021 11:28:35 +0100
From: cinap_lenrek@felloff.net
To: 9front@9front.org
In-Reply-To: <AB16C1EC181190E81B4CD57745C390A0@eigenstate.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: extension firewall session-aware realtime-java database 
Subject: Re: [9front] [Patch] APE changes (2019 Lufia patches)
Reply-To: 9front@9front.org
Precedence: bulk

Bringing back in libressl/openssl is a bad idea imho.
(note, we used to have it in the base system for mercurial)

These are unmaintainable monsters that take forever to compile
and have so much code churn that we cannot keep up with
constantly updating it.

We can use libsec from ape programs and it supports the
kernels tls device. it imlements all the modern ciphers
and tls support you need with a fraction of the codesize.
And libsec *is* maintained and in active use so receives
testing and porting/arch specific support (compiler work,
optimized assembly versions).

This was done for example for the python hash module to
use libsec instead of the openssl monster.

Theres also not really a reason for git to implement its
own dns, tls and https and ssh cients. All this is solved
i plan9 using webfs and ssh. If git calls curl, you can
probaly just write a wrapper script around it to use the
native plan9 infrastructure.

Dont try to emulate the broken way unix does networking
onto plan9. It is a waste of time. If you must, attempt
a proper port and *question* the dependencies that it
clams to be needing.

--
cinap