Date: Fri, 11 Dec 2020 11:57:13 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: Robert Schulze <rs@bytecamp.net> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <20201211195713.GO31099@funkthat.com> In-Reply-To: <72f2110e-8f1b-76ca-4dd8-2d7283b951d6@bytecamp.net> References: <20201209230300.03251CA1@freefall.freebsd.org> <20201211064628.GM31099@funkthat.com> <72f2110e-8f1b-76ca-4dd8-2d7283b951d6@bytecamp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Schulze wrote this message on Fri, Dec 11, 2020 at 10:14 +0100:
> Hi,
>
> Am 11.12.20 um 07:46 schrieb John-Mark Gurney:
> >
> > Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation
> > than we are now. OpenSSL 3.0.0 has no support commitment announced
> > yet, and sticking with 1.1.1 for 13 will put us even in a worse
> > situation than we are today.
> >
> > What are peoples thoughts on how to address the support mismatch between
> > FreeBSD and OpenSSL? And how to address it?
> >
> > IMO, FreeBSD does need to do something, and staying w/ OpenSSL does
> > not look like a viable option.
>
> you may install a current OpenSSL via ports if you like to.
> I don't see any OpenSSL fork to be more reliable than its predecessor
> but there has been done much work in the portstree to enable the system
> administrator to switch.
That does not fix all the applications that are in base, like fetch,
that use OpenSSL.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201211195713.GO31099>