Date: Fri, 11 Dec 2020 16:04:56 GMT From: Martin Simmons <martin@lispworks.com> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <202012111604.0BBG4uh3002969@higson.cam.lispworks.com> In-Reply-To: <612054DD-F857-455F-AF49-695A910A0D81@lastsummer.de> (message from Franco Fichtner on Fri, 11 Dec 2020 13:28:43 %2B0100) References: <202012111219.0BBCJYSf000629@higson.cam.lispworks.com> <612054DD-F857-455F-AF49-695A910A0D81@lastsummer.de>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Fri, 11 Dec 2020 13:28:43 +0100, Franco Fichtner said: > > > On 11. Dec 2020, at 13:20, Martin Simmons <martin@lispworks.com> wrote: > > > > > >> > >>>>>> On Fri, 11 Dec 2020 12:44:17 +0100, Franco Fichtner said: > >> > >>>> On 11. Dec 2020, at 12:38 PM, Martin Simmons <martin@lispworks.com> wrote: > >>> > >>>>>>>> On Thu, 10 Dec 2020 22:46:28 -0800, John-Mark Gurney said: > >>>> > >>>> What are peoples thoughts on how to address the support mismatch between > >>>> FreeBSD and OpenSSL? And how to address it? > >>> > >>> Maybe it would help a little if the packages on pkg.FreeBSD.org all used the > >>> pkg version of OpenSSL? Currently, it looks like you have build your own > >>> ports if you want that. > >> > >> This pretty much breaks LibreSSL ports usage for binary package consumers. > > > > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always > > use the base OpenSSL at the moment? > > Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally. > > In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL. > > For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch. OK, I see what you mean now. The underlying problem is that it is impossible to install packages/ports for OpenSSL and LibreSSL at the same time. __Martin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012111604.0BBG4uh3002969>