Date: Wed, 06 Apr 2016 19:22:48 +0200 From: Michelle Sullivan <michelle@sorbs.net> To: Kurt Jaeger <lists@opsec.eu>, Jim Ohlstein <jim@ohlste.in> Cc: ports@freebsd.org Subject: Re: Committer needed for PR 208029 Message-ID: <570545E8.8090708@sorbs.net> In-Reply-To: <20160406144727.GP35640@home.opsec.eu> References: <498CA3F8-15EF-45BD-880C-241F83CBE3DD@waschbuesch.de> <20160405185159.GK35640@home.opsec.eu> <20160405200835.GM35640@home.opsec.eu> <57042958.5010701@sorbs.net> <C96569DA-ADC5-4BE0-819A-7375C3F50D8E@waschbuesch.de> <20160406044431.GO35640@home.opsec.eu> <570517F1.5020305@ohlste.in> <20160406144727.GP35640@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Kurt Jaeger wrote: > Hi! > >> This is much ado about nothing. The "WITH_OPENSSL_PORT" option is there >> for just this purpose and is used in many ports. > In 9.x this is sometimes a problem, if port X builds in variant 1 > and port Y depends/links on X, but builds in variant 2. So it's > a temporary solution for 9.x and will be solved when 9.x is EOL'ed. I have run into exactly this. > > I'm not sure how this is solved in 10.x/11.x, probably the base SSL > is much more up2date. Still has the same problem... though at the moment with 10.x being so up to date its not noticable when OpenSSL 1.0.3+ comes out it'll only be a matter of time before the same problems come up... and for the record, I think based on the FreeBSD policy, putting in an IGNORE or BROKEN for a too early version of openssl in base is the best policy ... not forgetting that the user doesn't have to specify system-wide options, they can do it on the command line. > >> Forcing users who want to use this port to use OpenSSL from ports for >> ALL ports is overkill. >> Think about official packages. Are ALL packages built against OpenSSL >> from ports, or only those that need them? It's the latter, of course. >> Are they incompatible in production? No. Actually I think you'll find with the intent of compiling and using the new pkg (at least until variants are done) it's a hell of a lot worse (you can't use pkg upgrade with the risk of something that you need getting replaced by something you have chosen to configure... that said.. you have the same problem even if you have USE_OPENSSL_PORTS defined anyhow...) > There are grey areas, and I guess it will be like that for 9.x. > -- Michelle Sullivan http://www.mhix.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?570545E8.8090708>