OpenSSL – the future

I guess it had to happen. The team at OpenBSD has started to dissect OpenSSL following the Heartbleed vulnerability and has created a fork – LibreSSL.

I’m not a huge fan of forking – it always seems a needless duplication of effort by splitting resources to work on essentially the same goal. However, this presentation from Bob Beck of the OpenBSD Foundation points out some interesting justification for LibreSSL. The scary thing is how much blind faith is placed in the ubiquitous OpenSSL. Whatever happens with LibreSSL, I applaud the efforts of the OpenBSD team – it’s one instance of forking that appears to be fully justifiable and long overdue.