From owner-freebsd-security@FreeBSD.ORG Mon Jun 1 21:11:26 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6EA5E9B3 for ; Mon, 1 Jun 2015 21:11:26 +0000 (UTC) (envelope-from walt.ford@yahoo.com) Received: from nm17-vm2.bullet.mail.ne1.yahoo.com (nm17-vm2.bullet.mail.ne1.yahoo.com [98.138.91.93]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 307F01B3D for ; Mon, 1 Jun 2015 21:11:25 +0000 (UTC) (envelope-from walt.ford@yahoo.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1433192674; bh=TYzSkk9CboX5TAJLMV6G45S5cIpFzeSkQdzlFB+gbRo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From:Subject; b=SGEqQzaQ2qHdvZGoOITCCm9WolKCatjhcM3YpcRXWBgf2Cq2McdU5/3HYik0FSq2G/N9WfQhwiZmDczXVc66h+25d6qbZ/IZsLMte5aJaGVlLmNfGzduWaCkRK+1rYZzo6waqmMABBZ/YgFgNMXmo/gnGZva0u4/vWWiN47COXt03CBzEA+AWo3Gtc5AuE2K6saEe6vPXpjhFplMaAZC44kTr4ccIeRy54D7d2n58goyr0sgo3AKHiotX7OkzyeYNmlT8lj4AILSH59Zi+Bg4NmIqMzhSuHpnaNqnvLtFi/3JWmsv3o+9J0i1yI0TTjYqg6vyp+sx6TlsJBjsluPjA== Received: from [98.138.100.117] by nm17.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2015 21:04:34 -0000 Received: from [98.138.84.43] by tm108.bullet.mail.ne1.yahoo.com with NNFMP; 01 Jun 2015 21:04:34 -0000 Received: from [127.0.0.1] by smtp111.mail.ne1.yahoo.com with NNFMP; 01 Jun 2015 21:04:34 -0000 X-Yahoo-Newman-Id: 343538.39011.bm@smtp111.mail.ne1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: H5RDKZwVM1kFrF7X60jWK1RAzCEgrWboKwuNh7IoWZFvFCw QesuCxB.FuzfYDOEcHaRIIcw7XWQI3AUWkd6nMdp1emoT4VScVxtKQaPsG6G .5Q3IhvdLzd2n2_wjD8DGAMKaWA_MJJ.0kcqrMCpBo98RrDT6YTCSqSAgYgT T9foHjYUP6mCpU9uGEnZkrzmaIxPt4vusXoJyXsuQuWrwuiDYRIMNf5K4G7P xhBe.zt4qSG91.B3IRCltierLlY8BQPJ6RCwt3k5.8Z6G1UmY2YzWj7Szhli 5KPYAAauiW4Q9mDzDqG4iVaHz49rXjPcPIgfaG84KQLj8ARTpgZKtmALRUMt yILxitIRICurVpzKt0uxNMrhdMzbzXKZQX62WTRsS0HzdLqSnnEauUIFWu7P _GodMkUytGedWPPskMUPRjHBJb_S6Df43KYLis9jlvmIQGabL6pIvXn_gqQC bzY6G1aZARFdwHb.FhpqeZCJI3WKFJ3v6ZqZX4Epje8R_6plIWPXM2g-- X-Yahoo-SMTP: yVvIDoOswBD5zOzqXnwUE.yVSR2Kvw-- Date: Mon, 1 Jun 2015 17:05:20 -0400 From: Walt Ford To: Julian Elischer Cc: freebsd-security@freebsd.org Subject: Re: avoiding base openssl when building ports Message-ID: <20150601210520.GE68495@ws1> References: <201506010138.t511cp2P088983@gw.catspoiler.org> <556C8BFE.708@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <556C8BFE.708@freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Jun 2015 21:11:26 -0000 On Tue, Jun 02, 2015 at 12:44:46AM +0800, Julian Elischer wrote: > I'd like to take a bunch of libraries out of base, But That is not the > same as making them "ports". > I've said before that I thik we need something half way between. using > the ports/pkg mechanism, You could just call them supported ports. Supported means what currently happens with 3rd party code in base, and unsupported is what software in ports currently is. But, seems like there still would be an issue with compatibility and a stable API or ABI. If the current restrictions are going away, then you might as well just make them ports. If they're staying, you'll end up with an outdated supported port being maintained separately from the current unsupported port, just like now essentially. -- Skip