🆕 Software Suggestion | LibertyBSD #929
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#929
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description: Add LibertyBSD to OSes.
How?: I recommend changing the OpenBSD description to:
This is very similar to the way Parabola is listed as a free'd version of Arch.
except, that LibertyBSD ditched libressl in favor of openssl. Which I have heard is not secure due to mulitiple vulnerabilities. Worth researching though!
@FrostKnight I've never heard this. Can you please send link?
OpenSSL is still very popular. Not sure how bad the vulnerabilities are today.
here is LibreSSL's vulnerability list over time: https://www.cvedetails.com/version/250810/Openbsd-Libressl-2.7.3.html
Here is OpenSSL's vulnerability list over time: https://www.cvedetails.com/product/383/Openssl-Openssl.html?vendor_id=217
Also, OpenBSD is known for focusing heavily on security, if they forked OpenSSL, it was for a reason. ;)
Also here is a more updated remote issue based list: https://www.cvedetails.com/vulnerability-list.php?vendor_id=97&product_id=30688&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=2018&cweid=0&order=1&trc=5&sha=ffdf9c4cd94a5fb3a7baf89619c702b7fc5a5cad
https://www.cvedetails.com/vulnerability-list.php?vendor_id=217&product_id=383&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=2018&cweid=0&order=1&trc=9&sha=746b2e6eab6dc4007d60ba0d6720cc8e028e1d7a
The bottom one is OpenSSL. The Top is LibreSSL.
https://www.cvedetails.com/product/383/Openssl-Openssl.html?vendor_id=217
OpenSSL
LibreSSL
https://www.cvedetails.com/product/30688/Openbsd-Libressl.html?vendor_id=97
Tell me if this helps, ps, my distro Hyperbola is planning to switch to Hyperbola due to LibreSSL's focus on security. I don't know if this is true btw, but some people think openssl could be used for the purpose of a backdoor. Dunno if true, but openssl's vulnerabilities from 2014-2019 is alot more than LibreSSL. ;/
But yeah, this might not be enough evidence, you may need to talk to openbsd devs or voidlinux devs to get a better idea as to why its better. Voidlinux was the first linux distro to use libressl instead of openssl. :)
I am not an expert on SSL/TLS, but I wouldn't be surprised if OpenBSD knows better, it is hailed as the most secure os on the planet from what I hear. :)
@FrostKnight I meant, where did you see that LibertyBSD doesn't use or work with LibreSSL.
https://pub.allbsd.org/LibertyBSD/6.1/packages/amd64/
For example, search openssl and then search libressl. Tell me what you see. I see only openssl. ;)
As this is a fork, Would anyone be able to tell whether libertybsd gets their updates at the same time as openbsd? or is there any delay?
LibertyBSD from what I see is now on 6.1 (April 11, 2017) while OpenBSD is on 6.5 (May 1, 2019) release. Also their git links on the page are giving 404.
My vote goes to adding it as worth mentioning for software freedom purists.
@blacklight447-ptio Aye, I created a PR about this:
https://github.com/privacytoolsIO/privacytools.io/pull/939
My original thought was that the discussion wasn't active anymore and wanted to take further steps.
However, noticing your comment I wanted to clarify.
My PR (not the issue) is about listing LibertyBSD as an alternative to OpenBSD.
Are you proposing LibertyBSD be listed separately? :)
Thanks,
@gjhklfdsa
Yes and we could make it clear that its an foss alternative for foss extremists.
LibertyBSD seems to not be maintained.
It is stuck on old 6.1 OpenBSD release from 2017.
Git repository is giving 404 and installing packages comes with an error.
Yes... that's another good reason I suppose.