Date: Mon, 28 Apr 2014 10:11:55 -0400
From: Greg Troxel <gdt@ir.bbn.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: freebsd-security@freebsd.org
Subject: Re: ports requiring OpenSSL not honouring OpenSSL from ports
Message-ID: <rmi8uqp7dck.fsf@fnord.ir.bbn.com>
In-Reply-To: <AFCC7276-2C8F-423E-A417-AE492F5162E6@vpnc.org> (Paul Hoffman's message of "Sun, 27 Apr 2014 08:29:01 -0700")
References: <201404271508.s3RF8sMA014085@catnip.dyslexicfish.net> <AFCC7276-2C8F-423E-A417-AE492F5162E6@vpnc.org>

Paul Hoffman <paul.hoffman@vpnc.org> writes:

> On Apr 27, 2014, at 8:08 AM, Jamie Landeg-Jones <jamie@dyslexicfish.net> wrote:
>
>> Basically what I'm asking: Shouldn't a port that uses OpenSSL *always*
>> build against the port if it's installed?
>
> Yes, that is a reasonable expectation. I certainly had it in my head
> when I rebuilt Sendmail+TLS after heartbleed, but I didn't think of
> checking it.

I can see your point, but simply using a package that is installed
violates one of the basic design points of packaging systems. The built
package should not depend on the environment in ways that are not
expressed within packaging metadata.

In pkgsrc (NetBSD), pkgsrc openssl can be used. But, there is a
calculated default (per platform) of whether the builtin version is good
enough. Currently, netbsd-5's 0.9.9 is deemed too crufty (due to
features; this is not about heartbleed). There are also variables to
set to prefer/use pkgsrc openssl even if builtin is deemed adequate, for
people that want to build that way.
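
One way to check which OpenSSL a built binary actually resolves to, the check the thread says was skipped after a rebuild. This is an added example, not part of the original message; the function names are hypothetical, the package prefix (`/usr/local` for FreeBSD ports, `/usr/pkg` for pkgsrc) is an assumption, and the `ldd` output is a constructed sample.

```shell
#!/bin/sh
# Added example: report which OpenSSL libraries a binary resolves to,
# reading `ldd` output on stdin.
# Assumption: packaged libraries live under one prefix (/usr/local for
# FreeBSD ports, /usr/pkg for pkgsrc); any other path counts as base.

# Print "<origin> <soname> <path>" for each libssl/libcrypto line.
classify_openssl() {
    prefix="${1:-/usr/local}"
    awk -v prefix="$prefix" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            origin = (index($3, prefix "/") == 1) ? "package" : "base"
            print origin, $1, $3
        }'
}

# Return 0 if every OpenSSL library comes from the package prefix,
# 1 if at least one comes from base, 2 if no OpenSSL linkage is found.
uses_only_package_openssl() {
    out=$(classify_openssl "$1")
    [ -n "$out" ] || return 2
    if printf '%s\n' "$out" | grep -q '^base '; then
        return 1
    fi
    return 0
}

# Constructed sample (not captured from a real system): libssl resolved
# from the package prefix, libcrypto from the base system.
sample_mixed() {
    cat <<'EOF'
/usr/local/sbin/exampled:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a00000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x800c00000)
    libc.so.7 => /lib/libc.so.7 (0x801000000)
EOF
}

sample_mixed | classify_openssl /usr/local
```

On a real system, pipe `ldd /path/to/binary` into `classify_openssl`. Statically linked OpenSSL does not appear in `ldd` output, so a return of 2 does not prove the binary is free of OpenSSL code.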