That's part of the initial work.
I'd say that's a good fraction of it.
Once the code is re-ported and re-imported into the (diverging) OpenSSL base
Who says they're going to do that? Much more likely that LibreSSL will be an API compatible alternative. They're only going to re-integrate if LibreSSL clean up which essentially means removing a huge amount of dead code. Which is what the OBSD people are doing.
it will require an additional audit.
Good job they're not doing it then.
Things like Frama-C produce reports on impact analysis--you changed one line in one function and it affected 15% of your entire 2 million line code base.
That sounds like poor design. The OBSD people are world class experts at producing secure, audited OS level C code.
Decades of research indicate that doing something not-quite-right the first time and then going back and redoing it requires more labor than doing it right the first time.
Who says what they're doing is wrong? They're making it for OpenBSD, but OpenBSD is not a whacky system. Besides it's much easier to make sane changes against a small, well written codebase than it is to make small changes against a hairy hoary mess.
The argument is that this other strategy reaches a given end state with less total work.
Actually, no your argument was that the OBSD developers were penis waving. Ignoring that for the moment, they're trying to get down to a small audited core. This means ripping out everything that harms that goal leaving behind a small, well organised core.
Perhaps it is better to make the core more portable than go for OBSD only then see what breaks when it's being ported. There are basically a few options here: try to fix the old codebase without breaking portability (very hard), make it sane first (what they're doing now) and make it sane without sacrificing portability.
The middle option is the least work, and this happens to be what they're doing. It's also the only option which aligns with their goals---not only is OBSD of personal interest to these people, but it would be deeply unethical of them to use OpenBSD funding to work on other operating systems.
However they're not being dicks about it and they're not going to make life hard for you if you want a portable version: they'll even integrate it right now if you have the changes.
They're making a political move. To argue directly against your argument, I would have to argue for the closing of the OpenBSD project entirely.
So basically, you think that Theo de Raadt, who has put a vast amount of his own time and effort into this should just stop because you say so? Are you for real?
I have instead provided a counter-argument that they could, you know, contribute to the community at large instead of to their own ego.
They provide one of the most secure OSs ever made completely for free for anyone who wants. How is this not contributing to the community? They also provide OpenSSH(d), the most widely used set of ssh tools in the world. Again how is this not contributing to the community? Finally off their own backs they're doing a complete stripdown and audit of the most popular SSL library free for anyone to use. Not only that, they'll even keep it up to date. How the fuck is that not contributing to the community?
But no, you're suggesting that Theo and crew should just give up and contribute *DIRECTLY* to you. I doubt de Raadt even owns a Windows or Linux machine. Why and how do you think he would do portability to those systems?
Your sense of entitlement is *incredible*. Truly, I've been flaming on the internet for years and yet you are possibly the most entitled person I've met.
This is a think-of-the-children move. "Look how bad these OpenSSL people are! We're going to do a bunch of work to make things better
Yay! That's fantastic news! They're ripping out ancient and hideous VMS compatibility code and other evils which have accumulated over the years. And fixing double frees.
But it won't be better for YOU!
It will if you (a) run OpenBSD, (b) help/pay for them to port it to Linux or (c) wait until that port inevitably gets done by other people who aren't cheap and lazy. So it will be better for you but you'll either have to (a) install OpenBSD---which is free BTW, (b) donate time/money or (c) wait until someone else does. Poor you, how you must be suffering with other people giving you all this awesome stuff for free.
It's just really being done to mock OpenSSL and show you that we're awesome, because we have things YOU don't have!
Paranoia alert! No, it's being done to provide a secure SSL implementation for OpenBSD.
Oh, but you could do a bunch of extra work yourself to take OUR things back and improve YOUR things.
That or install OpenBSD. And I can assure you it would be less work for you to port it than the strip down and audit in the first place.
We won't do that though, because we're... ...OpenBSD developers and we like working on OpenBSD and don't enjoy working on other OSs in our spare time or on the dime of people who have paid for us to work on OpenBSD.
Sadly, however there are a metric fuckton of... ...selfish tantrum-babies...
on the internet who believe we should work for them for free.
But, OUR thing is free, so you know. We're really awesome!
Basically yes. They're giving awesome stuff away for free. If you don't like it you can simply pretend it doesn't exist and you've lost nothing.
And fuck you all who don't use our thing, we're not here to help you infidels! We should fly a plane into your house!"
You should really see a doctor. I think you need better meds.