Re: Two thumbs up to Theo de Raadt ...
So thumbs up for the effort, but there is a need for an independent review effort…
That is a loaded statement. Code review is always good and should be part of the development process. However, let's think about the suggestion in the context of the OpenSSL debacle:
1. The fork was started after a code review
2. Any good fork should aim to pass at least all existing unit tests
3. There already exists sophisticated penetration testing infrastructure for testing the known weaknesses of OpenSSL and discovering new ones both in it and LibreSSL
4. Code counts - the best way to discover defects is to make the code available
If LibreSSL can pass the existing tests, then it is as secure as OpenSSL. Cutting a release will encourage the security experts to scrutinise it, and competition here between the two projects can only be good.