From owner-freebsd-security@FreeBSD.ORG Sun May 17 21:13:05 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1DF4AB6F for ; Sun, 17 May 2015 21:13:05 +0000 (UTC) Received: from mail-wi0-f177.google.com (mail-wi0-f177.google.com [209.85.212.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C57D51FBF for ; Sun, 17 May 2015 21:13:04 +0000 (UTC) Received: by wizk4 with SMTP id k4so55826991wiz.1 for ; Sun, 17 May 2015 14:12:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=bDDMRfixb6gH5bu/H7TTIRrA7XypCLfX5yeHCDsCC+o=; b=g9pBIIHVA5RxbtU7jVD/hW5tWhpYrMA3H8SNWqx/ULmBMcc0dGfrIMeexPhG2hVyNU cqbXOFZ+3ddBcb2nVo/OHQ5Nf19VtuJMckPQHIbTxuu8ZN6Y/OHykdMgBUhq5Y7TmE0T JdMsmpNowk1CHgE2om0PXhYe0WZjlRIqmW2wiuNaLT44JbmyIzLDqvyChM81HF+mXgt2 A6bmyYE1wLsCheqeWj50LLCd9bcQg+uUggWjNakqnkVrdhyCbdYWm1pZYSUfRVUA4+ga TM1M2D/XqvvZ121OQGLA7M3TkINnPq0udskS7IFyJGHFaAEkYzK/ekamtn0WHtGgEuNj mjqQ== X-Gm-Message-State: ALoCoQmKQGJSK/MhVBrFuKFW9Il4WpR8wGX6EvN7G426j8L7Lc9QUHSYuzxK7oeGqDleANgUPHLT X-Received: by 10.194.185.107 with SMTP id fb11mr38802288wjc.9.1431897176800; Sun, 17 May 2015 14:12:56 -0700 (PDT) MIME-Version: 1.0 Received: by 10.28.159.207 with HTTP; Sun, 17 May 2015 14:12:15 -0700 (PDT) X-Originating-IP: [68.178.93.3] In-Reply-To: <20150517205035.5F0DD154@hub.freebsd.org> References: <2857899F-802E-4086-AD41-DD76FACD44FB@modirum.com> <05636D22-BBC3-4A15-AC44-0F39FB265CDF@patpro.net> <20150514193706.V69409@sola.nimnet.asn.au> <5554879D.7060601@obluda.cz> <1431697272.3528812.269632617.29548DB0@webmail.messagingengine.com> <5556E5DC.7090809@obluda.cz> <1431894012.1947726.271026057.54BB4786@webmail.messagingengine.com> <20150517205035.5F0DD154@hub.freebsd.org> From: Leif Pedersen Date: Sun, 17 May 2015 16:12:15 -0500 Message-ID: Subject: Re: Forums.FreeBSD.org - SSL Issue? To: Roger Marquis Cc: "freebsd-security@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 May 2015 21:13:05 -0000 On Sun, May 17, 2015 at 3:50 PM, Roger Marquis wrote: > I recommended an openssl_base port so that > security vulnerabilities (not necessarily protocol weaknesses) could be > more easily remediated (than installworld) and so 'pkg audit' could > report on those. > Exactly how would that differ from using freebsd-update? -- As implied by email protocols, the information in this message is not confidential. Any middle-man or recipient may inspect, modify, copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. As the sender, I acknowledge that I have a lower expectation of the control and privacy of this message than I would a post-card. Further, nothing in this message is legally binding without cryptographic evidence of its integrity. http://bilbo.hobbiton.org/wiki/Eat_My_Sig