On 08/07/2016 16:29, Mikhail T. wrote:
On 08.07.2016 02:26, Mathieu Arnold wrote:
During this summer (sometime in August I think) I will be changing the default
OpenSSL for the ports tree from the base system version to security/openssl.
The short answer is "Why?!" The longer reaction is: "please don't".
Certainly not without a lengthy and exhaustive discussion (or flame-war,
if you will), which shall arrive at a consensus -- and, if it does not,
then no change shall happen.
Generally, we should be eating our own dog-food -- using base-provided
components for everything by default where at all possible. If the base
OpenSSL is in some way(s) deficient, well, that's an argument for
updating the base. The base comes with not just the libraries, but withe
accompanying header-files -- meaning, the developers are free to use
those libraries. So the ports certainly should be doing just that.
Our ports and the packages derived from them are part of FreeBSD -- and
the various components need to remain tightly integrated.
Yes, I understand, you intend for there to remain an option, which the
holdouts like myself will be able to use to retain the old behavior. But
that's not good enough -- if the default packages will be built
differently, then bitrot will creep in and building against the base
will slowly become more and more difficult.
I will also, because it goes with it, change the default GSSAPI from base to
something else,
Sorry, what goes with what? Are you saying, Heimdal can't be built with
port's OpenSSL or vice versa?
-mi
The only reason I heard why base isn't updated with the proper package
from ports is because of security implications. Older versions are more
security-tested and therefore safer. If there is a vulnerability in the
base it's much more hassle to update the base than ports.
I don't have my opinion and sometimes it's annoying to not be able to
use the base version, but putting everything into base is certainly an
option if only the process of updating the base was light and quick
enough. Is it like that now? Maybe with the incoming release cycle from
FreeBSD-11?
Grzegorz
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[email protected]"
