I'm saddened and disappointed by the current trend of jettisoning support for LibreSSL.
voidlinux.org
www.python.org
I'm puzzled by the failure to learn from the Heartbleed fiasco, which happened just seven years ago. I'm naturally paranoid, but this is not always a flaw. I'm not the only one who suspects new OpenSSL "features" are designed to break compatibility with LibreSSL and return to market dominance. I think PHK's pointed criticism still applies:
View: https://www.youtube.com/watch?v=fwcl17Q0bpk
The OpenSSL Software Foundation is still a for-profit corporation offering commercial support and FIPS compliance. I also find it interesting that the vulnerability comparison section of the Wikipedia page referenced in this Python library has now disappeared. I think it probably looked something like this:
wiki.glitchdata.com
Even if you think that my tinfoil hat is too tight and has cut off circulation to my brain, maybe you'll agree that monocultures are inherently fragile:
www.mail-archive.com
Switching back to OpenSSL
The Void Linux team is switching back to OpenSSL on March 5th, 2021 (2021-03-05).



PEP 644 – Require OpenSSL 1.1.1 or newer | peps.python.org
This PEP proposes for CPython’s standard library to support only OpenSSL 1.1.1 LTS or newer. Support for OpenSSL versions past end-of-lifetime, incompatible forks, and other TLS libraries are dropped.

LibreSSL - Glitchdata

Re: [gentoo-dev] [RFC] Discontinuing LibreSSL support?
