A number that I've seen thrown around: it takes 5 years to create a language. Probably less nowadays since we have all the tooling. It might make sense to wait until the language has settled down before open-sourcing.
> The "severity" is often not accurate. OpenSSL recently marked an issue as lowly severe, but in fact its severity was high.
...
> LibreSSL has had no "high" vulnerabilities, whereas OpenSSL had 5. Decide for yourself which way to go.
I'm not defending or apologizing for OpenSSL (or any project), but your rationale isn't consistent, seemingly only trying to evoke an emotional response.
Since Heartbleed, lots of new SSL implementations have sprung up (Libre, Boring, etc.), and hard lights have shone on OpenSSL as well. The scrutiny and competition will come to be a win for all consumers of SSL. It's not clear to me (as a consumer) that any project has a huge leg-up over another (though Libre's wholesale dump of a tremendous amount of legacy code sounds like a step in the right direction).
Do we even know this won't show up in other (Boring, Libre) implementations as well?
> I'm not defending or apologizing for OpenSSL (or any project), but your rationale isn't consistent, seemingly only trying to evoke an emotional response.
The GP is pointing out that LibreSSL has avoided the 5 vulnerabilities that OpenSSL marked sev:high since the fork. There isn't any inconsistency about that; it's a pure apples-with-apples comparison.
> It's not clear to me (as a consumer) that any project has a huge leg-up over another
LibreSSL has avoided almost half of the OpenSSL vulnerabilities found since the work. What more do you want?
Format tip: prefix a block of lines with two spaces (on each line) and a newline before and after the block to turn it into a fixed-width font, then format ASCII-style.
commit 18844bc65229786b96b89a9fc7739c0fc897905e
Author: Chris Lattner <clattner@apple.com>
AuthorDate: Sat Jul 17 23:50:59 2010 +0000
Commit: Chris Lattner <clattner@apple.com>
CommitDate: Sat Jul 17 23:50:59 2010 +0000