From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by mx.groups.io with SMTP id smtpd.web11.138726.1680719515369376210 for ; Wed, 05 Apr 2023 11:31:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=bzh2ng07; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: quicinc.com, ip: 205.220.168.131, mailfrom: quic_llindhol@quicinc.com) Received: from pps.filterd (m0279864.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 335ILJSr003280; Wed, 5 Apr 2023 18:31:55 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=qcppdkim1; bh=7xHrBA4ywQrYeEOBAjfpDUHYHsvjASf0nYlrBGps7Co=; b=bzh2ng07O+et2vLm7hCR3S+0UlOAGViZrxj+EygtkQMgO8pNJ7bz/xPYN8BwyOmZi9/h C9CPpV3lWXPqQ0YWSCfnktguRi/RAJTfSjRLeTDiFYZvm9jJ6KVL1BCKhpFD00JtAP5V KJ/z+Dx3/gr3XZ4JatF5uzRReD6YTeUp9Bar/Uuoo/K3R/70Wq8RHKG5Q701oSITckjS ux2gut5vaHbeEsjn/sMIJqzl3gvv9vczDcdM+ek/7LdwLbm1lzQe9UGukdj7DBozQe6g c970E4AD42VHmKHOWxAPR7pjtQYcvGAaXZUWDd4Ew1qChXpfB6oZTANKm6OH09EDtGFW Eg== Received: from nasanppmta05.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3prgveve67-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 05 Apr 2023 18:31:54 +0000 Received: from nasanex01c.na.qualcomm.com (nasanex01c.na.qualcomm.com [10.45.79.139]) by NASANPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 335IVsEB002309 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 5 Apr 2023 18:31:54 GMT Received: from qc-i7.hemma.eciton.net (10.80.80.8) by nasanex01c.na.qualcomm.com (10.45.79.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.42; Wed, 5 Apr 2023 11:31:53 -0700 Date: Wed, 5 Apr 2023 19:31:49 +0100 From: "Leif Lindholm" To: , CC: Subject: Re: [edk2-devel] [RFC] [edk2-openssl fork] Add openssl fork repo to Tianocore to support OpenSSL11_EOL Message-ID: References: <4pzqsrlxnn56lgzehoibgiovzhzsgsclibbajptc6u2ajtdf2p@45etglgtly7z> MIME-Version: 1.0 In-Reply-To: <4pzqsrlxnn56lgzehoibgiovzhzsgsclibbajptc6u2ajtdf2p@45etglgtly7z> X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nasanex01c.na.qualcomm.com (10.45.79.139) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-ORIG-GUID: 2QEyGB5H5mDHnAT2cj8DWKNhA-hXVcQH X-Proofpoint-GUID: 2QEyGB5H5mDHnAT2cj8DWKNhA-hXVcQH X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-05_13,2023-04-05_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 mlxlogscore=999 clxscore=1015 impostorscore=0 lowpriorityscore=0 adultscore=0 bulkscore=0 suspectscore=0 malwarescore=0 spamscore=0 priorityscore=1501 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304050167 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline On Wed, Apr 05, 2023 at 13:39:21 +0200, Gerd Hoffmann wrote: > On Wed, Apr 05, 2023 at 01:37:23AM +0000, Yao, Jiewen wrote: > > Hi > > This is follow up for the "Openssl1.1 replacement proposal" https://edk2.groups.io/g/devel/topic/96741156. > > openssl 3.0 POC result is shown at https://github.com/tianocore/edk2-staging/blob/OpenSSL11_EOL/CryptoPkg/Readme-OpenSSL3.0.md > > The size increase is reduced to ~10%. > > > > In order to achieve maximum size optimization for openssl 3.0, we > > updated openssl 3.0 branch and recorded to > > https://github.com/liyi77/openssl/tree/openssl-3.0-POC. > > To help the community review and feedback the openssl 3.0 change > > and plan to openssl upstream in the future, we should avoid > > personal branch usage. > > I fail to see the point. To get the openssl changes merged upstream > you needed engage with the openssl community, and I don't see how a > tianocore openssl repository helps with that. Here is my understanding: - There is a concern that this change may break existing use-cases, and the proposal is to collate current state of work - undergoing upstreaming to openssl - so that the tianocore community (and downstream consumers) can start testing it with minimal amount of faff. - There is *no* plan for the edk2 repository to switch to using this submodule. If that understanding is correct, as long as the README.md is updated to clearly state that this repository is for integration and verification purposes only - at the very top - I think this is a good thing. / Leif