From: Yuri
Date: Wed, 13 May 2015 14:09:49 -0700
To: "ports@freebsd.org"
CC: Carmel NY
Subject: Re: www/firefox really depends on security/openssl?
Message-ID: <5553BD9D.50900@rawbw.com>

On 05/13/2015 04:11, Carmel NY wrote:
> The most reliable method to eliminate this, for lack of a better word
> "bullshit", would be for FreeBSD to keep the "base" system "openssl"
> version up-to-date. It is apparent to even the most casual observer that
> the present method of allowing two different versions of such an important
> application on the same system without a fail proof method of choosing which
> version to use as you have demonstrated is truly counter productive to a
> "stable" environment.

Even keeping the base up-to-date won't necessarily work, since mixing of two copies of the same shared lib from different locations may, and probably will, cause faulty behavior due to static variables, among other reasons. Base OpenSSL should be used for one thing, and port - for others. Isolation is important.

I raised this conversation on Apr 1 here, but apparently this important issue is still not resolved. I can't do this myself, because the patch will likely be touching ~100 places, and people who commit it will have to go through all the details, and essentially redo all the thinking.

I can't even get simple and obvious stage-qa checks to be checked in. Likely because they aren't exciting enough. People are attracted to exciting stuff.

Yuri
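
The mixing described in the message above can be checked for from `ldd` output. The following is an added example, not part of the original post and not an existing stage-qa check: it reports any binary whose dependency list resolves `libssl` or `libcrypto` from more than one path. The function names, the binary paths and the library versions in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: detect binaries that would load two copies of an OpenSSL
# library from different locations (e.g. base and ports).

# Reads ldd-style output on stdin, prints "binary stem path1,path2[,...]"
# for every binary that resolves the same OpenSSL library stem to
# more than one file.
find_mixed_openssl() {
    awk '
    BEGIN { bin = "-" }                      # used when ldd printed no header
    # "/path/to/binary:" header line printed before each listing
    /^[^ \t].*:$/ { bin = substr($0, 1, length($0) - 1); next }
    # "libfoo.so.N => /resolved/path (0xaddr)" dependency line
    $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
        stem = $1
        sub(/\.so.*$/, "", stem)             # libcrypto.so.8 -> libcrypto
        if ((bin, stem, $3) in seen) next    # same file listed twice: ignore
        seen[bin, stem, $3] = 1
        key = bin SUBSEP stem
        if (!(key in paths)) { order[++n] = key; paths[key] = $3 }
        else { paths[key] = paths[key] "," $3; mixed[key] = 1 }
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            if (key in mixed) {
                split(key, part, SUBSEP)
                printf "%s %s %s\n", part[1], part[2], paths[key]
            }
        }
    }'
}

# Constructed sample: example-app links the ports libcrypto directly and
# pulls in a second copy from /lib through another dependency.
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/example-app:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x801c00000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x802000000)
    libexample.so.1 => /usr/local/lib/libexample.so.1 (0x802400000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x802800000)
/usr/local/bin/example-clean:
    libssl.so.7 => /usr/lib/libssl.so.7 (0x800a00000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x800e00000)
EOF
}

sample_ldd | find_mixed_openssl
```

On a real system the input would come from something like `ldd /usr/local/bin/* 2>/dev/null | find_mixed_openssl`.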