Date: Sat, 9 Jul 2016 23:14:04 +0200 From: Guido Falsi <mad@madpilot.net> To: freebsd-ports@freebsd.org Subject: Re: base components should always be default (Re: change in default openssl coming) Message-ID: <25fc6bb5-a4ae-34cc-818f-37bae2e0fa10@madpilot.net> In-Reply-To: <20160709204014.GA73439@graf.pompo.net> References: <D13290234BD20864405FC0B2@atuin.in.mat.cc> <f146f327-67f8-2ecf-21a9-b348dbe614c2@aldan.algebra.com> <alpine.BSF.2.20.1607091032170.3737@laptop.wojtek.intra> <SN2PR20MB0845FAC67392F6D12166894F803D0@SN2PR20MB0845.namprd20.prod.outlook.com> <6ceaba03-3e07-606d-3c93-f3f40c8ae38d@madpilot.net> <20160709173116.GU94145@graf.pompo.net> <3547d58c-c4d9-5165-6f80-2cb2326a5eb0@madpilot.net> <20160709204014.GA73439@graf.pompo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/09/16 22:40, Thierry Thomas wrote: > Le sam 9 jul 16 à 20:35:59 +0200, Guido Falsi <mad@madpilot.net> > écrivait : > >> But that option will not change the basic problem of how the OS is >> developed. FreeBSD base will anyway include OpenSSL even though users >> can choose(and have been able to for a long while) too not install it. > > But with a packaged base, OpenSSL from base and OpenSSL from ports could > be merged. > Don't think that's an option. Having base depend on a port which can change below it would be a major cause of instability. Also the port's OpenSSL could change API/ABI at any time, while base software cannot follow such a schedule. Base software requires a stable API, and needs to be tested each time the library below it changes. I think the only viable solution to this is making base OpenSSL a private library not exposed externally (like other libraries in base) so it is decoupled. As I said this would remove the need for stability of the exposed ABI/API allowing base to update it whenever it's needed, and also migrating to another implementation if that's what developers choose to do. This is also complicated by ports having mixed requirements. Certain ported software depends on the latest and greatest SSL library, others depend on older APIs, so ports have to cater for these needs too, which are in sharp contrast with base ones. I agree that packages base anyway helps with making openssl private. The point is, ports have a need to allow for linking with a vast array of SSL libraries (two versions of OpenSSL and the various LibreSSL PolarSSL and others), base needs a stable one with tested compatibility at each slightest change. -- Guido Falsi <mad@madpilot.net>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?25fc6bb5-a4ae-34cc-818f-37bae2e0fa10>