But we’ll also be more able to import changes from LibreSSL and they are welcome to take changes from us. We have already relicensed some of our prior contributions to OpenSSL under an ISC license at their request and completely new code that we write will also be so licensed.
Android already uses the OpenBSD libc (IIRC), so it's not inconceivable that they'll eventually do the same thing with libssl and switch to the OpenBSD implementation.
What's great about this, though, is that Google's contributions are potentially helpful in LibreSSL's eventual cross-platform porting efforts; their willingness to adopt the ISC license for their contributions is already a promising sign of that collaborative potential.
Totally agree. I love what libressl is doing and my great hope from this effort is that Google's people will port libressl PROPERLY onto Linux. That is critical for the parts where OpenBSD clearly states that the underlying OS must provide key pieces like random number generation, but the implementation must be done right and is often done poorly in initial ports.
I'm hopeful for that, too. Many of the qualms with the preliminary libressl ports revolve around (IIRC) the lack of exploit mitigation features in the operating systems being ported to; perhaps a proper port would be yet another encouragement for those features to be implemented in non-OpenBSD unixen (given that - from what I understand - both FreeBSD and Linux already have the code to support those features, and just need them to be enabled)?
"i maintain Android's C library which, as you may know, contains a lot of OpenBSD code. i've been working to clean up our mess and get us back in sync with upstream, and currently have 173 files that are exactly the same as current upstream OpenBSD. (more than we have from the other two BSDs put together.)"
I'm not tired of it at all. Programming ain't free, and if anyone could use some funding, it's them.
I mean, it's not like Apple's going out of their way to make Aqua work on non-OSX unixen, or systemd's going out of its way to work on non-Linux unixen. Just like how those rely on features of their host platforms, LibreSSL currently relies heavily on OpenBSD-specific security features in the kernel and userland, and it'll take quite a bit more effort to port that to other platforms in a secure and correct way.
Now granted, I'm an OpenBSD user, so my opinion on this is biased. However, it's the same opinion that many Linux-specific or BSD-specific or OSX-specific or Solaris-specific or Windows-specific or VMS-specific or MULTICS-specific or what-have-you-specific projects seem to already have: focus on your primary target(s), then help with porting efforts to secondary targets when it works well on the primaries.
The OpenBSD Foundation has actually been one of the most receptive projects when it comes to software portability. Yes, they target OpenBSD first, but they provide compatibility shims for all other platforms. In general, their philosophy is that it's better to reuse tried and tested code, rather than reimplement poorly from scratch. And their politics reflect that.
I realize LibreSSL is optimized for BSD and Google is primarily Linux, but it seems silly to fork the code in 2 different directions.