Date: Tue, 5 Oct 2021 08:38:49 +0200 From: Felix Palmen <felix@palmen-it.de> To: freebsd-ports@freebsd.org Subject: Re: State of LibreSSL in FreeBSD ports Message-ID: <20211005063849.zjejmnaifve4gngz@nexus.home.palmen-it.de> In-Reply-To: <20211004182033.7iaeak3z2dgwdbhw@aching.in.mat.cc> References: <20211003141654.bwlnlin6g3s2n5gt@nexus.home.palmen-it.de> <20211004182033.7iaeak3z2dgwdbhw@aching.in.mat.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
--utk4ethlq5fa26jz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Mathieu Arnold <mat@freebsd.org> [20211004 20:20]: > On Sun, Oct 03, 2021 at 04:16:54PM +0200, Felix Palmen wrote: > > Is LibreSSL in FreeBSD ports > >=20 > > * supported, so ports should build with it if at all possible? > > * supported on a "best effort" base, so setting a port BROKEN is > > acceptable if maintaining (working) patches would be too much hassle? > > * NOT supported at all, so random build failures with LibreSSL are fine? >=20 > I'd say the third option, the only *SSL variant that is guaranteed too > work is using the base system OpenSSL, using anything else is bound to > hurt and segfault at one point or the other. If that would be consensus, I think it would be better to remove the option altogether. What's the point of having a totally unsupported and experimental option in ports anyways? Fortunately, my experience is different. Most port maintainers acknowledge a problem with LibreSSL (that isn't already noted in an IGNORE/BROKEN) is a bug. And I've never seen a segfault caused by using LibreSSL in several years of using it with FreeBSD ports. > This is because your software will have linking with one library from > the base system that brings OpenSSL, and some other library that links > with ports OpenSSL or LibreSSL, and the software calls one function that > is in both. I could think of kerberos here (which I don't use from base either). Do you have any other examples? --=20 Dipl.-Inform. Felix Palmen <felix@palmen-it.de> ,.//.......... {web} http://palmen-it.de {jabber} [see email] ,//palmen-it.de {pgp public key} http://palmen-it.de/pub.txt // """"""""""" {pgp fingerprint} A891 3D55 5F2E 3A74 3965 B997 3EF2 8B0A BC02 DA2A --utk4ethlq5fa26jz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEqJE9VV8uOnQ5ZbmXPvKLCrwC2ioFAmFb8vEACgkQPvKLCrwC 2ipO+Qf+O8AXXx5me+r+R3gkPzbbSyQSEEwLbHCQp7gNZtlg8uNUrUNSfm+oR4ZI FAjMxwJSWLZNZ7Zh+DvgwipeUvM6/UnerYtunqrCa6Ff2lPRPVLJzuxeJOyUMhHU WA3FcHw/MNn9Eaw2BsmbxQPD+YGJY/zgHei6KOijkS3jScHOlnNRQH8FMK44cMpF mMrRiDP+r5c53g+UuYunpynKO9NI3X/wIr5zEil8c9aPTmCu2r8iGqsZYUt8t2Qo pclNZU8NpA9ISS7jt/TMGsYyovfpAvaTkXj4lqJQhxn1fUoHWNgw8/W5EwtQKQWA 2p/RmCLEuiOmJ7kgjaQ55474pCX9ZA== =ZzCE -----END PGP SIGNATURE----- --utk4ethlq5fa26jz--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20211005063849.zjejmnaifve4gngz>