Date: Mon, 11 Jul 2016 19:48:44 +0300 From: Andrey Chernov <ache@freebsd.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru>, Mark Felder <feld@feld.me> Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: GOST in OPENSSL_BASE Message-ID: <c670eadd-05f6-7332-afa6-8867c4f57eef@freebsd.org> In-Reply-To: <20160711162902.GO46309@zxy.spb.ru> References: <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <20160710150143.GK46309@zxy.spb.ru> <cb12083d-445a-ea19-5538-d670a89fcc6d@freebsd.org> <9ead7cd7-7d1b-2dd8-eea8-43f7766d92a9@freebsd.org> <d4329543-0503-cfc0-eb17-378d561d4c0f@freebsd.org> <20160711102906.GN46309@zxy.spb.ru> <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com> <20160711162902.GO46309@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11.07.2016 19:29, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: > >> >> >> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: >>> >>> I.e. GOST will be available in openssl. >>> Under BSD-like license. >>> Can be this engine import in base system and enabled at time 1.1.0? >>> And can be GOST enabled now? >>> >> >> I think the wrong question is being asked here. Instead we need to focus >> on decoupling openssl from base so this can all be handled by ports. > > This is wrong direction with current policy. > ports: unsupported by FreeBSD core and securite team, no guaranted to comaptible > between options and applications. > > base: supported by FreeBSD core and securite team, covered by CI, > checked for forward and backward API and ABI compatibility. > Ports are supported by secteam, and recently I notice "headsup" mail with intention to make base openssl private and switch all ports to security/openssl port. Adding of GOST as 3rd party plugin is technically possible in both (base, ports) cases, the rest of decision is up to FreeBSD openssl maintainers and possible contributors efforts. I need to specially point to "patches" section of the 3rd party GOST plugin, from just viewing I don't understand, are those additional openssl patches should be applied to openssl for GOST, or they are just reflect existent changes in the openssl.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c670eadd-05f6-7332-afa6-8867c4f57eef>