115
OpenSSL goes GitHub only (openssl.org)
submitted 11 months ago* (last edited 11 months ago) by lemmyreader@lemmy.ml to c/opensource@lemmy.ml
53 comments fedilink hide all child comments

We’re no longer using our old ftp, rsync, and git links for distributing OpenSSL. These were great in their day, but it’s time to move on to something better and safer. ftp://ftp.openssl.org and rsync://rsync.openssl.org are not available anymore. As of June 1, 2024, we’re also going to shut down https://ftp.openssl.org and git://git.openssl.org/openssl.git mirrors.

GitHub is becoming the main distributor of the OpenSSL releases.

you are viewing a single comment's thread
view the rest of the comments
[-] GammaGames@beehaw.org 3 points 11 months ago

Even if they don’t I’m sure many others will

[-] lemmyreader@lemmy.ml 7 points 11 months ago

Well, yes. But let's say the OpenSSL developers copy new changes of source code to GitHub, and something goes wrong after the copying (Think of a malicious attacker breaking in and changes some code), then all the people copying from that one download link will be in the same boat as well.

[-] GammaGames@beehaw.org 5 points 11 months ago* (last edited 11 months ago)

Any official mirrors would sync the changes anyway, it’s automatic

Edit: Oh, I think I misunderstood your point. I agree that hosting the repos themselves would make it harder for randoms to maliciously introduce code

[-] lemmyreader@lemmy.ml 5 points 11 months ago

I was trying to say that if the OpenSSL developers upload new source code to only GitHub and something goes wrong, even for example simply a mistake or failure by GitHub, then other users wanting to download will not have to wait for the OpenSSL developers to repair that problem when OpenSSL project would for example have mirrors on Codeberg or sourcehut or their own git server, the latter which they intend to deprecate.

[-] GammaGames@beehaw.org 3 points 11 months ago

If they were to set up an official mirror it would be automatic, so I don’t think there’s any real way to avoid that problem with their current plan. But you’re right! Sorry for the confusion

[-] refalo@programming.dev 2 points 11 months ago

What is your definition of harder? I think bugs/breaches are even more likely on personal forges than github. Not that one should rely on github anyways...

[-] GammaGames@beehaw.org 2 points 11 months ago

I agree

[-] refalo@programming.dev 1 points 11 months ago* (last edited 11 months ago)

I think "something goes wrong" is even MORE likely to happen on randomdude.com's insecure git forge

[-] ReversalHatchery@beehaw.org 1 points 11 months ago* (last edited 11 months ago)

Codeberg and SourceHut are not really randomdude.com's insecure git forge. Both are doing development on their own services, and those services are not bad, like at all

[-] toastal@lemmy.ml 0 points 11 months ago

Microsoft GitHub is riddled with bugs, is down at least once a month, & throttles non-Western IPs.

[-] Auzy@beehaw.org 1 points 11 months ago

What bugs? Be specific..

Also, I can't remember the last time Github has been offline for me (in the last 3.5 years of using it at work)

[-] toastal@lemmy.ml 1 points 11 months ago* (last edited 11 months ago)

The one I ran into 2 days ago was a user approving a pull request while I was requesting their & other maintainers review. It canceled their approval & I had to fetch them to reapprove since in that project no-green-checkmark-no-merge. It should not have erased their approval.

I bet you live in the West. My daytime, there are heaps of outages.

this post was submitted on 02 May 2024
115 points (96.0% liked)

Open Source

35561 readers
676 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml