[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-security
Subject: Re: scope of private libraries
From: Franco Fichtner <franco () lastsummer ! de>
Date: 2015-06-02 15:16:55
Message-ID: 7C328F06-A37A-4A1D-922E-A077FBABA306 () lastsummer ! de
[Download RAW message or body]
> On 02 Jun 2015, at 16:50, Kimmo Paasiala <kpaasial@gmail.com> wrote:
>
> Even if the base system OpenSSL was modularized using pkg it would be
> still subject to ABI stability requirements. In other words it would
> be stuck at the version or versions that are 100% ABI compatible with
> one installed initially on the first minor version of the same major
> version line. Only critical security fixes would be backported to it
> exactly as it is done now with the base system OpenSSL.
OpenSSL base is only used by base, unexposed. All ports are built
against OpenSSL from ports. I don't see the ABI problem. pkgng
takes care of updating shared library dependencies and ABI changes.
We can already move OPNsense installations from OpenSSL to LibreSSL
and back without a flinch.
The real issue are hand-rolled production systems that rely on a
stable crypto API because someone did not want to add a ports/packages
workflow to implement proper dependency tracking. I don't think that
has worked out particularly well. ;)
Cheers,
Franco
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic