Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 03 Mar 2012 12:49:18 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: openssl from ports
Message-ID:  <4F52134E.1090408@infracaninophile.co.uk>
In-Reply-To: <20120303071958.0c963330@scorpio>
References:  <86fwdqvf2x.fsf@red.stonehenge.com> <20120302171631.775dd715@scorpio> <867gz2vdtg.fsf@red.stonehenge.com> <20120302182156.58c10d82@scorpio> <4F515B24.9050406@infracaninophile.co.uk> <20120303071958.0c963330@scorpio>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigE5EFC7090A9BC86B275D5B53
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/03/2012 12:19, Jerry wrote:
> On Fri, 02 Mar 2012 23:43:32 +0000
> Matthew Seaman articulated:
>=20
>> Stable/9, but this hasn't changed in 9.0-RELEASE:
>>
>> worm:~:# /usr/bin/openssl version
>> OpenSSL 0.9.8q 2 Dec 2010
>=20
> Matthew, why does FreeBSD continue to use an older version of OPENSSL
> for the base system when a newer version is available? While I could
> understand, even if not fully approve the use of an older version in
> the same major version, its continues use as the de facto standard in a=
n
> entirely new major version release is counter productive. There have
> been many improvements in the 1.x release of OPENSSL so I fail to see
> the logical use of the older version. If anything, they (the FreeBSD
> developers) could keep this older version available in the ports system=

> and use the newer version as the default in the base system.

Unfortunately I can't answer that.  I'm not in any position to decide
such things.

However I can hazard a guess at some of the possible reasons:

   * openssl API changes between 0.9.x and 1.0.0 mean updating the
     shlibs is not a trivial operation, and it was judged that the
     benefits obtained from updating did not justify the effort.

   * no one had any time to import the new version.  There's plenty of
     security-critical stuff depending on openssl, and making sure all
     of that didn't suffer from any regressions is not a trivial job.

   * simply that no one thought of doing the upgrade.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enigE5EFC7090A9BC86B275D5B53
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9SE1UACgkQ8Mjk52CukIz1vgCfdMI91y2s+VSbFx9xGXeVdSfs
esUAn3Me3mnSKN3/HGgFyPPfKd3hlYut
=3SRL
-----END PGP SIGNATURE-----

--------------enigE5EFC7090A9BC86B275D5B53--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4F52134E.1090408>