From: Chris
Date: Mon, 29 Aug 2016 10:15:18 +0100
Subject: Re: Upcoming OpenSSL 1.1.0 release
To: Dirk Meyer
Cc: ports@freebsd.org, ports-secteam@freebsd.org

Dirk, it won't be as messy as the havoc it can cause on production machines. There are several ports which have multiple versions without a mess, I do not see why openssl would be any different as the version used can be put in the make.conf.

I just had a quick glance at the 1.2 changelog, and it will be a bad idea to put this in ports replacing 1.0.2, 1.0.2 is an LTS release and in addition 1.1.10 disables RC4 and 3des, whilst those ciphers are old there are legitimate reasons for sysadmins to support use of those ciphers for a while longer.

Remember we don't all run FreeBSD as a hobby, some of us use this in production where we are responsible for making sure things work in a commercial environment. Decisions have to be done carefully with this in mind.

Also 1.1.0 is not fully backwards compatible with 1.0.x meaning everything compiled against it has to be recompiled, which was not the case when moving upwards on minor version revisions, it seems not much thought has been put into these gotchas as I saw an upgrade was attempted only yesterday.

So I stress again, openssl needs two separate ports, one for 1.1.x and another for 1.0.x.

On 23 August 2016 at 12:09, Dirk Meyer wrote:
>
>
>> I am excited about openssl 1.1 but I am not sure if it is right to just
>> jump the security/openssl port to it, maybe make a new
>> security/openssl11 port?
>>
>> Or move the default port but add a new security/openssl10 port for 1.0.2.
>
> this would only increase the mess we have,
> and create only more conflicts between libssl.so versions.
>
> We have done this for openssl 0.9x before, not with good results.
>
> kind regards Dirk
>
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]