Date: Wed, 09 Apr 2014 14:19:58 -0700 From: Xin Li <delphij@delphij.net> To: freebsd-security@freebsd.org Cc: Ben Laurie <benl@freebsd.org>, Jung-uk Kim <jkim@freebsd.org> Subject: Re: Proposal Message-ID: <5345B97E.6000802@delphij.net> In-Reply-To: <CADgEyUuz1YU7qPkKmydOaGT%2B%2B3tK4LZZU3-1AsK5jssSkQiLYw@mail.gmail.com> References: <9eeba1ab-2ab0-4188-82aa-686c5573a5db@me.com> <8D81F198-36A7-47F4-B486-DA059910A6B4@spam.lifeforms.nl> <867g6y1kfe.fsf@nine.des.no> <CADgEyUstkxO1i_B9Qsw=K9qT=nrh9evhv8VekMdNKauOQFN6dg@mail.gmail.com> <86d2gqz2he.fsf@nine.des.no> <CADgEyUuz1YU7qPkKmydOaGT%2B%2B3tK4LZZU3-1AsK5jssSkQiLYw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04/09/14 13:39, Nathan Dorfman wrote: > Moving on, is it not worth talking about going in and defining > every -DOPENSSL_NO_* flag that exists and doesn't break the base > system? On the simple grounds that there appears to be little to be > gained from this kind of feeping creaturism, and plenty, as it > turns out, to be lost. Of course, maybe the resulting build won't > even work, or at least not work without significant effort. So this > is more of a question than an actual suggestion. I'm not sure how well this can be done (see below), but that can be done in -HEAD for experiment at least. All -STABLE branches are considered as API/ABI frozen which means if we remove a functionality, they could break existing applications that happens to work for a previous FreeBSD release, so this may cause problems for -STABLE branches as application would see loss of functionality. So this is less likely to happen (IMO). Another orthogonal thought is that we should probably remove the static libraries of OpenSSL from -HEAD now (they will still be built and maybe used in the base system when static binary is absolutely needed). This will make it easier to make sure that the system is clean of outdated OpenSSL bits when updating the libraries. Cheers, - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBCgAGBQJTRbl+AAoJEJW2GBstM+ns0XEQAIJxEjq3UdiQjo4NWwVpm6kl w/u67x3FoKehxngcmb2b+Y32C/+guWwz9gvAFnQ2cGH7EUhipxYWmcexYYg7/x3w Wl0S1StI8ib3lnnv87nvGjqPEb+N/DtvduvjjnjklNaDbUAYMiE2zWnjK7KNQ5Le iKa0WJFSJtHocF0xk8yd9CSK61crC2Cl9rYYhobUKQAEVmoAadM8vVgcK1cP2O1l J4QaYI+TZ0f1Jq+0N31y4Apei3vo9WW+OytHXyCRdsmjChLDvujy7tZ1u8iJignu VV2/zUiUCP4ULQUtn6lN0V2yLdqQjiW0SYMzwkOY0cAZNTTRmj/iLSPSf1RMSjxl MxjNM4TCp/xU20PfZZicE72BNuDctOhcE40WiZ4nhpKNHXBaD7+uy4CdUsFsae50 a8TFVoy5mPFEUq9MRvO/cxvVgdRxtEpDaEROGYFbWDDzjOHJ+vP0NvPRep6SBkUw b5OIZ73YU93kAMs/Ow7D3rlHsgnQ+E0Hgg9jeLc5iK2nWQhbKauY2GVJNtWjfoEV 10WSRSTmlVOS6S+VJwKmbAV5pc2XXgS1mq1i23S09Q4KnxS+xIvryMopYnA6qJFM cZ4rYK4FRg0JYm/gHmoCFhNuD9ZozUd+Lkhkoj/zT/ZPluvzFYFwsqxoLma/MGrt 8bUUa5K1COCDFqn8ECQp =C17j -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5345B97E.6000802>