@alcinnz oh, do I have some feels about this one!

I'm not listed as a maintainer on any MacPort, not even the one I created (got), but I started contributing updates last year, because the LibreSSL maintainer, wasn't updating the MacPort and jwz pointed out a Letsencrypt related issue which impacted OpenSSL and LibreSSL.

Took MacPorts about 3 months to get my PR merged.

I find this especially ironic, since I used to be part of wheel at iXSystems when jkh (one of MacPorts founders) was CTO.

@alcinnz I've since submitted more PRs.

Basically any OpenBSD related code branch that has a MacPort.

Thankfully, my PRs have been merged more quickly (record now is in under an hour!) than that first attempt.

LibreSSL is current at 3.5.3, OpenSSH at 9.0, OpenIKED, GameOfTrees, the latest, etc. Thanks to MacPorts merging my PRs!

I'm not listed as a maintainer on ANY of them though.

Especially ironic, the maintainer for LibreSSL? Supposedly works at Apple!

Their LibreSSL? Is 4+ years old.

@alcinnz I've submitted a bug report to Apple too, even kindly requesting a bounty.

Not for my bug, nor my exploit, just pointing out that others had discovered exploitable code & that I had provided a more recent branch.

Rumor has it, internally Apple maybe prefers BearSSL?

But on their shipping macOS Monterey 12.5 %openssl version reveals LibreSSL 2.8.3, even today.

Should someone listed as maintainer for the MacPort, who hasn't been maintaining it & has a day job at Apple, get rewarded?

@alcinnz not to suggest that the listed maintainer may not have other priorities.

Moreover, I'm in debt and homeless and sleeping in my car.

I submit PRs to MacPorts just to feel productive.

Heck, even jkh doesn't seem as if he has submitted anything to MacPorts since around 2016, but I'm guessing maybe their move to GitHub rubbed him the wrong way? I know I hate GitHub. But, unlike jkh, I didn't co-create MacPorts (Darwinports) I also didn't found FreeBSD nor work for Apple, jkh did.

@alcinnz I do volunteer as an occasional editor for undeadly.org (the OpenBSD Journal) since around 2005 and used to submit stories to its predecessor deadly.org back when Jose Nazario et al edited it. I still dig OpenBSD a lot!

Other BSDs too, OFC.

Anyway, I'm not naming the LibreSSL MacPorts maintainer because I don't want to shame them, but are maintainers the only ones who might merit recompense?

Seems like a dubious supposition.

Libre/free open source software is a *community* effort.

Sign in to participate in the conversation

For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).