From owner-freebsd-questions@FreeBSD.ORG Sat Mar 3 15:11:04 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9B121106564A for ; Sat, 3 Mar 2012 15:11:04 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-wi0-f182.google.com (mail-wi0-f182.google.com [209.85.212.182]) by mx1.freebsd.org (Postfix) with ESMTP id 164B58FC13 for ; Sat, 3 Mar 2012 15:10:58 +0000 (UTC) Received: by wibhn6 with SMTP id hn6so1503421wib.13 for ; Sat, 03 Mar 2012 07:10:57 -0800 (PST) Received-SPF: pass (google.com: domain of rwmaillists@googlemail.com designates 10.180.96.230 as permitted sender) client-ip=10.180.96.230; Authentication-Results: mr.google.com; spf=pass (google.com: domain of rwmaillists@googlemail.com designates 10.180.96.230 as permitted sender) smtp.mail=rwmaillists@googlemail.com; dkim=pass header.i=rwmaillists@googlemail.com Received: from mr.google.com ([10.180.96.230]) by 10.180.96.230 with SMTP id dv6mr4400439wib.11.1330787457854 (num_hops = 1); Sat, 03 Mar 2012 07:10:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=Cx2yKGw4jg+4RhPQ45e6KWMIJl20tlSoNsypkhHgru8=; b=zUZNWn6RkR3bFI3vzqq+cE5Cfk95tQcShHH1BqWPPYLL2koBdcjUB0u3X+/WvAayJR 2vlSCFwukGNJ/qDo4rrlFrVRBkAGBSb4RfvbQgFMVAte8WflB25wXkycUukPLjvAXUYN LANbK0m9Ltdy6ljoKWtsNNanhcFxl2eeZwrWRtYkHK8qSMRhO1eU9/yE2Oh3qDw+UiNA ez0+yT0Rt9ioKmz6Cgowz2/8GH5zh2euZDsxYWwGdSLHb/Yj/Abn4zuujUDdy1PbOW5+ S2BiDsaVtmjAZIZBo4CVfDombaIsrGXrU3Axssj1tK4lNnvjk7lSzlEBr5ulTjPAFWwE VuMQ== Received: by 10.180.96.230 with SMTP id dv6mr3482491wib.11.1330787457811; Sat, 03 Mar 2012 07:10:57 -0800 (PST) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id cc3sm28578646wib.7.2012.03.03.07.10.56 (version=SSLv3 cipher=OTHER); Sat, 03 Mar 2012 07:10:56 -0800 (PST) Date: Sat, 3 Mar 2012 15:10:53 +0000 From: RW To: freebsd-questions@freebsd.org Message-ID: <20120303151053.6dbe3d68@gumby.homeunix.com> In-Reply-To: <20120303083141.1975c60c@scorpio> References: <86fwdqvf2x.fsf@red.stonehenge.com> <20120302171631.775dd715@scorpio> <867gz2vdtg.fsf@red.stonehenge.com> <20120302182156.58c10d82@scorpio> <4F515B24.9050406@infracaninophile.co.uk> <20120303071958.0c963330@scorpio> <4F52134E.1090408@infracaninophile.co.uk> <20120303083141.1975c60c@scorpio> X-Mailer: Claws Mail 3.8.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: openssl from ports X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2012 15:11:04 -0000 On Sat, 3 Mar 2012 08:31:41 -0500 Jerry wrote: > On Sat, 03 Mar 2012 12:49:18 +0000 > Matthew Seaman articulated: > > > Unfortunately I can't answer that. I'm not in any position to > > decide such things. > > > > However I can hazard a guess at some of the possible reasons: > > > > * openssl API changes between 0.9.x and 1.0.0 mean updating the > > shlibs is not a trivial operation, and it was judged that the > > benefits obtained from updating did not justify the effort. > > > > * no one had any time to import the new version. There's plenty > > of security-critical stuff depending on openssl, and making sure all > > of that didn't suffer from any regressions is not a trivial > > job. > Thanks Matthew. Personally, I have my own take on the matter. > Regarding your first two possibility, I believe the problem can be > directly traced to "procrastination". At some point in time, there > will come the need to update the base system's OPENSSL version. > Procrastination only doubles the work you have to do tomorrow. In general skipping versions and letting the more gung-ho linux distributions knock the bugs out doesn't double the work. > It > reminds me of what a college professor once told me, "There is never > enough time to do it right, but there is always enough time to do it > over." Sad but true. I would interpret this in completely the opposite way. This is an argument for using mature software, keeping it well patched and updating only when the case for updating justifies the effort of doing it properly.