From owner-freebsd-ports@FreeBSD.ORG Wed May 13 12:57:00 2015 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 21EC8E30 for ; Wed, 13 May 2015 12:57:00 +0000 (UTC) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E765713DD for ; Wed, 13 May 2015 12:56:59 +0000 (UTC) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 7F6A320693 for ; Wed, 13 May 2015 08:56:58 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute2.internal (MEProxy); Wed, 13 May 2015 08:56:58 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=ax9zA5hbXcBz85j HgovEM9Csak4=; b=Xh654U40js4vMtRFIPbm/83mkhDJqvGWPBomgwBgN3o+qwp WuZCDZqTf36sAyddLuUM4MnCwZNQvIWAgMlyUwuYdEIn9voYCHbyiqY+wkVUz92O S+qZ5fyc1BYLiY/yNOQcaih9EBPRRfc3dQcdn+SFC6NtzhaIHfeweUsTj6aY= Received: by web3.nyi.internal (Postfix, from userid 99) id 5C292117BA7; Wed, 13 May 2015 08:56:58 -0400 (EDT) Message-Id: <1431521818.873625.267680457.265BC772@webmail.messagingengine.com> X-Sasl-Enc: BO46HqoYCAYQkGzovOD9NmAgMlZUyDuI8wyidJGSnR9e 1431521818 From: Mark Felder To: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-e7ca9928 Subject: Re: www/firefox really depends on security/openssl? Date: Wed, 13 May 2015 07:56:58 -0500 In-Reply-To: References: <20150509125643.0bda93e6@kirk.drpetervoigt.private> <554EEBB5.8010304@rawbw.com> <20150511202110.34e6e29c@kirk.drpetervoigt.private> <55510C22.9050900@rawbw.com> <20150512000259.32a44ec4@kirk.drpetervoigt.private> <55512E8F.8040508@rawbw.com> <20150512022857.7230c163@kirk.drpetervoigt.private> <55515251.5040503@rawbw.com> <20150512112505.5f36f0b2@kirk.drpetervoigt.private> <5551DB5A.7090508@rawbw.com> <20150513012435.1912fdc2@kirk.drpetervoigt.private> X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 May 2015 12:57:00 -0000 On Wed, May 13, 2015, at 06:11, Carmel NY wrote: > On Wed, 13 May 2015 01:24:35 +0200, Dr. Peter Voigt stated: > > [Truncated] > > The most reliable method to eliminate this, for lack of a better word > "bullshit", would be for FreeBSD to keep the "base" system "openssl" > version" up-to-date. It is apparent to even the most casual observer that > the present method of allowing to different versions of such an important > application on the same system without a fail proof method of choosing > which > version to use as you have demonstrated is truly counter productive to a > "stable" environment. > > Assuming that the FreeBSD developers won't do it, perhaps you might > investigate on how to replace the "base openssl" with the "port's > openssl" > version and eliminate the problem completely. > > By the way, I have run into this same nonsense myself. > You can't do this without breaking the base system, so please don't try. The "correct" solution is for OpenSSL in base to be "private" so nothing else knows of its existence except the base system utilities that depend on it. There are plans for this to happen. I am not privy to a timeline.