Date: Sat, 03 Mar 2012 15:01:36 +0200
From: Volodymyr Kostyrko <c.kworr@gmail.com>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: openssl from ports
Message-ID: <4F521630.80108@gmail.com>
In-Reply-To: <4F52134E.1090408@infracaninophile.co.uk>
References: <86fwdqvf2x.fsf@red.stonehenge.com> <20120302171631.775dd715@scorpio> <867gz2vdtg.fsf@red.stonehenge.com> <20120302182156.58c10d82@scorpio> <4F515B24.9050406@infracaninophile.co.uk> <20120303071958.0c963330@scorpio> <4F52134E.1090408@infracaninophile.co.uk>
Matthew Seaman wrote:
>>> Stable/9, but this hasn't changed in 9.0-RELEASE:
>>>
>>> worm:~:# /usr/bin/openssl version
>>> OpenSSL 0.9.8q 2 Dec 2010
>>
>> Matthew, why does FreeBSD continue to use an older version of OPENSSL
>> for the base system when a newer version is available? While I could
>> understand, even if not fully approve of, the use of an older version in
>> the same major version, its continued use as the de facto standard in an
>> entirely new major version release is counterproductive. There have
>> been many improvements in the 1.x release of OPENSSL, so I fail to see
>> the logical use of the older version. If anything, they (the FreeBSD
>> developers) could keep this older version available in the ports system
>> and use the newer version as the default in the base system.
>
> Unfortunately I can't answer that. I'm not in any position to decide
> such things.
>
> However I can hazard a guess at some of the possible reasons:
>
> * openssl API changes between 0.9.x and 1.0.0 mean updating the
>   shlibs is not a trivial operation, and it was judged that the
>   benefits obtained from updating did not justify the effort.
>
> * no one had any time to import the new version. There's plenty of
>   security-critical stuff depending on openssl, and making sure all
>   of that didn't suffer from any regressions is not a trivial job.
>
> * simply that no one thought of doing the upgrade.

Actually there is something weird about openssl maintenance:

http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/163951

I asked on the lists, bugged different persons and still can't get a clear
answer about this vulnerability. You know, I'm just not feeling safe with
ECDSA keys...

-- 
Sphinx of black quartz, judge my vow.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F521630.80108>
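The practical question behind this thread (base-system OpenSSL 0.9.8 versus a newer OpenSSL from ports) is usually "which one is my daemon actually linked against?" The script below is an added example, not code from the thread or from FreeBSD: it classifies a binary from its ldd(1) output (base libssl/libcrypto under /lib or /usr/lib, the security/openssl port under /usr/local/lib) and flags an `openssl version` string that is still a 0.9.x release. The ldd and version strings embedded here are constructed sample data; the library version suffixes in them are illustrative, not a claim about what any FreeBSD release shipped.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): tell base-system OpenSSL
# apart from the ports one on FreeBSD, using only ldd(1) output and the
# "openssl version" banner. All sample data below is constructed.

# classify_ssl_source LDD_OUTPUT
# Looks at the first libssl/libcrypto line of an ldd listing and prints one of:
#   base          - resolved under /lib or /usr/lib (base system OpenSSL)
#   ports         - resolved under /usr/local/lib (security/openssl port)
#   other:<path>  - resolved somewhere else (custom prefix, LD_LIBRARY_PATH ...)
#   none          - the binary does not link libssl/libcrypto at all
classify_ssl_source() {
    printf '%s\n' "$1" | awk '
        /libssl\.so|libcrypto\.so/ {
            path = $3                      # "libssl.so.N => /path/libssl.so.N (0x...)"
            if (path ~ /^\/(usr\/)?lib\//)  { print "base";  found = 1; exit }
            if (path ~ /^\/usr\/local\/lib\//) { print "ports"; found = 1; exit }
            print "other:" path; found = 1; exit
        }
        END { if (!found) print "none" }
    '
}

# openssl_version_token BANNER
# Extracts "0.9.8q" from "OpenSSL 0.9.8q 2 Dec 2010"; prints nothing otherwise.
openssl_version_token() {
    printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }'
}

# is_pre_1_0 BANNER
# True (exit 0) when the banner names a 0.9.x release, i.e. the pre-1.0.0 API
# the thread is discussing; false for 1.x or an unrecognised banner.
is_pre_1_0() {
    v=$(openssl_version_token "$1")
    case "$v" in
        0.*) return 0 ;;
        *)   return 1 ;;
    esac
}

# --- constructed sample ldd output (shapes follow FreeBSD ldd, values made up) ---
SAMPLE_LDD_BASE='/usr/sbin/sshd:
        libssl.so.6 => /usr/lib/libssl.so.6 (0x800a00000)
        libcrypto.so.6 => /lib/libcrypto.so.6 (0x800c00000)
        libc.so.7 => /lib/libc.so.7 (0x800e00000)'

SAMPLE_LDD_PORTS='/usr/local/sbin/nginx:
        libcrypto.so.7 => /usr/local/lib/libcrypto.so.7 (0x800a00000)
        libssl.so.7 => /usr/local/lib/libssl.so.7 (0x800c00000)
        libc.so.7 => /lib/libc.so.7 (0x800e00000)'

SAMPLE_LDD_NONE='/bin/ls:
        libutil.so.9 => /lib/libutil.so.9 (0x800a00000)
        libc.so.7 => /lib/libc.so.7 (0x800c00000)'

# Stand-alone demo over the constructed samples.
for sample in "$SAMPLE_LDD_BASE" "$SAMPLE_LDD_PORTS" "$SAMPLE_LDD_NONE"; do
    name=$(printf '%s\n' "$sample" | head -n 1)
    printf '%s %s\n' "$name" "$(classify_ssl_source "$sample")"
done

for banner in "OpenSSL 0.9.8q 2 Dec 2010" "OpenSSL 1.0.0g 18 Jan 2012"; do
    if is_pre_1_0 "$banner"; then
        printf '%s: pre-1.0.0 (0.9.x API)\n' "$(openssl_version_token "$banner")"
    else
        printf '%s: 1.x\n' "$(openssl_version_token "$banner")"
    fi
done
```

On a real host the same functions take live input, e.g. `classify_ssl_source "$(ldd /usr/sbin/sshd)"` and `is_pre_1_0 "$(/usr/bin/openssl version)"`; a binary reported as `base` on a 9.x system is using 0.9.8 regardless of what `/usr/local/bin/openssl version` says, because the port and the base library coexist on disk and the linker decides per binary.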