From owner-freebsd-questions@FreeBSD.ORG Sat Mar 3 12:49:31 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8589B106566C for ; Sat, 3 Mar 2012 12:49:31 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id B34EA8FC1C for ; Sat, 3 Mar 2012 12:49:30 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [IPv6:2001:8b0:151:1:fa1e:dfff:feda:c0bb]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id q23CnQTw096293 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Sat, 3 Mar 2012 12:49:26 GMT (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: OpenDKIM Filter v2.4.3 smtp.infracaninophile.co.uk q23CnQTw096293 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1330778966; bh=beCoao1rblEzpiXPdFFOImEQXG9tqADMo/19FRxnFLU=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Cc; b=CtWIib23Hjq5O8M7rLt09mnMfsl/twiXgrSk2ftp8Ghoh6Z6ODAWGvWl8+odwp03d 8TqM0PiGn5PAS7w9Kd8gkFNBkiKr/buXcuuZJe4FT3Vy1eedMNa/z5dt7Ngz38niDo JEzBcBTPhtv97UchMGfWGVxZHgdMRlBIaSzPmPcQ= Message-ID: <4F52134E.1090408@infracaninophile.co.uk> Date: Sat, 03 Mar 2012 12:49:18 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <86fwdqvf2x.fsf@red.stonehenge.com> <20120302171631.775dd715@scorpio> <867gz2vdtg.fsf@red.stonehenge.com> <20120302182156.58c10d82@scorpio> <4F515B24.9050406@infracaninophile.co.uk> <20120303071958.0c963330@scorpio> In-Reply-To: <20120303071958.0c963330@scorpio> X-Enigmail-Version: 1.3.5 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigE5EFC7090A9BC86B275D5B53" X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Subject: Re: openssl from ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2012 12:49:31 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigE5EFC7090A9BC86B275D5B53 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 03/03/2012 12:19, Jerry wrote: > On Fri, 02 Mar 2012 23:43:32 +0000 > Matthew Seaman articulated: >=20 >> Stable/9, but this hasn't changed in 9.0-RELEASE: >> >> worm:~:# /usr/bin/openssl version >> OpenSSL 0.9.8q 2 Dec 2010 >=20 > Matthew, why does FreeBSD continue to use an older version of OPENSSL > for the base system when a newer version is available? While I could > understand, even if not fully approve the use of an older version in > the same major version, its continues use as the de facto standard in a= n > entirely new major version release is counter productive. There have > been many improvements in the 1.x release of OPENSSL so I fail to see > the logical use of the older version. If anything, they (the FreeBSD > developers) could keep this older version available in the ports system= > and use the newer version as the default in the base system. Unfortunately I can't answer that. I'm not in any position to decide such things. However I can hazard a guess at some of the possible reasons: * openssl API changes between 0.9.x and 1.0.0 mean updating the shlibs is not a trivial operation, and it was judged that the benefits obtained from updating did not justify the effort. * no one had any time to import the new version. There's plenty of security-critical stuff depending on openssl, and making sure all of that didn't suffer from any regressions is not a trivial job. * simply that no one thought of doing the upgrade. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enigE5EFC7090A9BC86B275D5B53 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9SE1UACgkQ8Mjk52CukIz1vgCfdMI91y2s+VSbFx9xGXeVdSfs esUAn3Me3mnSKN3/HGgFyPPfKd3hlYut =3SRL -----END PGP SIGNATURE----- --------------enigE5EFC7090A9BC86B275D5B53--