Security 10748 Published by

Stripped down package means there will be three independent versions of OpenSSL.



From Arstechnica:
The unveiling of BoringSSL, as the Google fork has been dubbed, means there will be three separate versions of OpenSSL, which is best known for implementing the secure socket layer and transport layer security protocols on an estimated 500,000 websites. Developers of the OpenBSD operating system took the wraps off LibreSSL a few weeks after the surfacing of Heartbleed. Google is taking pains to ensure BoringSSL won't unnecessarily compete or interfere with either of those independent projects. Among other things, the company will continue to back the Core Infrastructure Initiative, which is providing $100,000 in funding to OpenSSL developers so they can refurbish their badly aging code base.

"But we’ll also be more able to import changes from LibreSSL and they are welcome to take changes from us," Adam Langley, a widely respected cryptography engineer and Google employee, wrote in a blog post introducing BoringSSL. "We have already relicensed some of our prior contributions to OpenSSL under an ISC license at their request and completely new code that we write will also be so licensed."
  Google unveils independent fork of OpenSSL called BoringSSL