Date:      Tue, 2 Jun 2015 17:16:55 +0200
From:      Franco Fichtner <franco@lastsummer.de>
To:        Kimmo Paasiala <kpaasial@gmail.com>
Cc:        Benjamin Kaduk <kaduk@mit.edu>, freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: scope of private libraries
Message-ID:  <7C328F06-A37A-4A1D-922E-A077FBABA306@lastsummer.de>
In-Reply-To: <CA%2B7WWSfA8Hg12iKtHVtsXF457cyL2DxWVR24PMCVoHzF2UocrA@mail.gmail.com>
References:  <201506010138.t511cp2P088983@gw.catspoiler.org> <alpine.GSO.1.10.1506011214350.22210@multics.mit.edu> <CA%2B7WWSc47cH_C%2BJCFNv22onuf-V=mFNQ%2BU96Gx_vUm-1YU2OdQ@mail.gmail.com> <alpine.GSO.1.10.1506011238440.22210@multics.mit.edu> <2C5684F6-5D01-42BE-A7BD-13DD88040128@lastsummer.de> <alpine.GSO.1.10.1506011359040.22210@multics.mit.edu> <936D98CC-EC18-4274-B79D-13320CD398D5@lastsummer.de> <CA%2B7WWSfA8Hg12iKtHVtsXF457cyL2DxWVR24PMCVoHzF2UocrA@mail.gmail.com>


> On 02 Jun 2015, at 16:50, Kimmo Paasiala <kpaasial@gmail.com> wrote:
>
> Even if the base system OpenSSL was modularized using pkg it would be
> still subject to ABI stability requirements. In other words it would
> be stuck at the version or versions that are 100% ABI compatible with
> one installed initially on the first minor version of the same major
> version line. Only critical security fixes would be backported to it
> exactly as it is done now with the base system OpenSSL.

OpenSSL base is only used by base, unexposed.  All ports are built
against OpenSSL from ports.  I don’t see the ABI problem.  pkgng
takes care of updating shared library dependencies and ABI changes.
We can already move OPNsense installations from OpenSSL to LibreSSL
and back without a flinch.

The real issue is hand-rolled production systems that rely on a
stable crypto API because someone did not want to add a ports/packages
workflow to implement proper dependency tracking.  I don’t think that
has worked out particularly well.  ;)


Cheers,
Franco



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7C328F06-A37A-4A1D-922E-A077FBABA306>