New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/issues/20935#issuecomment-671111760

Comment:
> This link shows that LibreSSL has more development than https://cpp.libhunt.com/compare-openssl-vs-libressl

Untrue, look at commit histories.

> In this **old** link, it compares OpenSSL vs LibreSSL, showing how security is applied in LibreSSL code.
https://resources.infosecinstitute.com/libressl-the-secure-openssl-alternative/
> OpenSSL has a design problem, it is susceptible to serious flaws

(emphasis mine); yes, it is old, and that's the problem. OpenSSL's codebase quality and security auditing has increased greatly in the last 5 years. I would have agreed with you some time ago. Nowdays, LibreSSL gets much less auditing, has much fewer developers working on LibreSSL-portable, and has far less architecture support.

> quantity of developers in OpenSSL does not mean quality in the code

I agree, but it does mean that something has to lose attention. Often, this is performance, or architecture support, and even build support/code quality (especially in libressl-portable), as @q66 can attest to.

> OpenSSL has a lot of legacy OS discontinued

Care to elaborate?