Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Apr 2003 23:10:55 -0700 (PDT)
From:      Doug Barton <DougB@FreeBSD.org>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        Kris Kennaway <kris@obsecurity.org>
Subject:   Re: cvs commit: ports/security/openssl-beta Makefile
Message-ID:  <20030416230828.A12786@znfgre.tberna.bet>
In-Reply-To: <20030417020124.GA56123@madman.celabo.org>
References:  <200304161444.h3GEi5DX063598@repoman.freebsd.org> <20030417020124.GA56123@madman.celabo.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 16 Apr 2003, Jacques A. Vidrine wrote:

> On Wed, Apr 16, 2003 at 12:04:10PM -0700, Kris Kennaway wrote:
> > On Wed, Apr 16, 2003 at 07:44:05AM -0700, Dirk Meyer wrote:
> > > dinoex      2003/04/16 07:44:05 PDT
> > >
> > >   FreeBSD ports repository
> > >
> > >   Modified files:
> > >     security/openssl-beta Makefile
> > >   Log:
> > >   - ### HEAD UP ### SHLIBVER has been bumped back.
> > >   - honor OPENSSH_SHLIBVER if set by user.
> >
> > Whoa there..you can't do this without creating all sorts of problems
> > for users.
>
> It's (something like) this, or screw all ports users the next time the
> OpenSSL ABI changes.  Whether OpenSSL 0.9.6 is installed from the base
> system or ports, it should use shared library version 2.  Whether
> OpenSSL 0.9.7 is installed from the base system or ports, it should
> use shared library version 3.
>
> Because these were out-of-sync previously, some
> OpenSSL-from-ports-using folks were hosed when OpenSSL 0.9.7 was
> imported (they had to recompile OpenSSL-using ports).

I agree with Jacques and Dirk here. Bumping the lib version in the port
was a mistake that has caused our users grief, and has the potential to
keep doing so in the future. I get two or three messages related to this
problem and bind 9's usage of openssl a week, and I know that the bind 9
issue is very low profile compared to other, related problems.

It's a painful thing to do, but it's a little pain now, and get it over
with, or more and more down the road.

Doug

-- 

    This .signature sanitized for your protection



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030416230828.A12786>