From: Terry Lambert
Date: Thu, 01 Aug 2002 13:24:25 -0700
To: "Jacques A. Vidrine"
Cc: Mikhail Teterin, Alexandr Kovalenko, arch@FreeBSD.ORG
Subject: Re: OpenSSL vs. -lmd

"Jacques A. Vidrine" wrote:
> > and is so mixed up
> > in various code that it's hard to keep up with changes for
> > security updates.
>
> Updating it required only some very minor build-infrastructure changes
> outside of src/crypto/openssl. I'm not sure what you mean here.

It is hard to update to the latest version of the code on a
FreeBSD 4.6-RELEASE box.

> > whereas the
> > other things that come with the package can change rather
> > frequently, since they speak to policy.
>
> I don't understand.

Code which implements policy.

> > Consider that it is very hard to use an updated OpenSSL (e.g.
> > 0.9.7-Beta or 0.9.6e) with FreeBSD these days.
>
> Hmm, all versions of FreeBSD have OpenSSL 0.9.6e.

Even those released before 0.9.6e was available?

> I haven't looked
> at 0.9.7 personally, but I can't imagine what would prevent one from
> using it on FreeBSD.

The same thing that prevents people from using the newer BIND
resolver libraries: the code is maintained separately from the
FreeBSD project by an outside third party.

> > Also consider that it's hard to build a project whose code is
> > independent of FreeBSD itself, with all these interfaces in
> > the base OS by default.
>
> If I grasp what you mean: Only for lazy programmers who don't
> understand the interfaces that they are using. :-)

No. I mean that I can't build something that will build on
FreeBSD *and* build on some other platform, without having to
inventory all of the implicitly installed packages on FreeBSD
to know which OpenSSL I'm getting.

> > My recommendation is to keep the "md" library. It satisfies
> > the "mechanism, not policy" philosophy in a way that OpenSSL
> > does not.
>
> I'm not sure how providing duplicate implementations of the digest
> functions is useful or desirable. I'm in no hurry to ditch libmd, but
> I do hope to get around to it someday.

Duplicate functions aren't desirable, but someone imported the
OpenSSL implementations anyway. 8-).

-- Terry