Date: Tue, 2 Jun 2015 17:16:55 +0200 From: Franco Fichtner <franco@lastsummer.de> To: Kimmo Paasiala <kpaasial@gmail.com> Cc: Benjamin Kaduk <kaduk@mit.edu>, freebsd-security <freebsd-security@freebsd.org> Subject: Re: scope of private libraries Message-ID: <7C328F06-A37A-4A1D-922E-A077FBABA306@lastsummer.de> In-Reply-To: <CA%2B7WWSfA8Hg12iKtHVtsXF457cyL2DxWVR24PMCVoHzF2UocrA@mail.gmail.com> References: <201506010138.t511cp2P088983@gw.catspoiler.org> <alpine.GSO.1.10.1506011214350.22210@multics.mit.edu> <CA%2B7WWSc47cH_C%2BJCFNv22onuf-V=mFNQ%2BU96Gx_vUm-1YU2OdQ@mail.gmail.com> <alpine.GSO.1.10.1506011238440.22210@multics.mit.edu> <2C5684F6-5D01-42BE-A7BD-13DD88040128@lastsummer.de> <alpine.GSO.1.10.1506011359040.22210@multics.mit.edu> <936D98CC-EC18-4274-B79D-13320CD398D5@lastsummer.de> <CA%2B7WWSfA8Hg12iKtHVtsXF457cyL2DxWVR24PMCVoHzF2UocrA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 02 Jun 2015, at 16:50, Kimmo Paasiala <kpaasial@gmail.com> wrote: >=20 > Even if the base system OpenSSL was modularized using pkg it would be > still subject to ABI stability requirements. In other words it would > be stuck at the version or versions that are 100% ABI compatible with > one installed initially on the first minor version of the same major > version line. Only critical security fixes would be backported to it > exactly as it is done now with the base system OpenSSL. OpenSSL base is only used by base, unexposed. All ports are built against OpenSSL from ports. I don=E2=80=99t see the ABI problem. pkgng takes care of updating shared library dependencies and ABI changes. We can already move OPNsense installations from OpenSSL to LibreSSL and back without a flinch. The real issue are hand-rolled production systems that rely on a stable crypto API because someone did not want to add a ports/packages workflow to implement proper dependency tracking. I don=E2=80=99t think = that has worked out particularly well. ;) Cheers, Franco=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7C328F06-A37A-4A1D-922E-A077FBABA306>