Date: Tue, 12 Jul 2016 01:01:24 +0300 From: Andrey Chernov <ache@freebsd.org> To: Slawa Olhovchenkov <slw@zxy.spb.ru> Cc: Mark Felder <feld@feld.me>, freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: GOST in OPENSSL_BASE Message-ID: <6f8ff1e9-9358-17cb-aca5-ad3abef6b616@freebsd.org> In-Reply-To: <20160711201350.GF20831@zxy.spb.ru> References: <20160710133019.GD20831@zxy.spb.ru> <f35c1806-c06d-0d46-1c8a-58a56adef9a7@freebsd.org> <20160710150143.GK46309@zxy.spb.ru> <cb12083d-445a-ea19-5538-d670a89fcc6d@freebsd.org> <9ead7cd7-7d1b-2dd8-eea8-43f7766d92a9@freebsd.org> <d4329543-0503-cfc0-eb17-378d561d4c0f@freebsd.org> <20160711102906.GN46309@zxy.spb.ru> <1468253073.695754.662984777.1E8F9C28@webmail.messagingengine.com> <20160711162902.GO46309@zxy.spb.ru> <c670eadd-05f6-7332-afa6-8867c4f57eef@freebsd.org> <20160711201350.GF20831@zxy.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11.07.2016 23:13, Slawa Olhovchenkov wrote: > On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote: > >> On 11.07.2016 19:29, Slawa Olhovchenkov wrote: >>> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote: >>> >>>> >>>> >>>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote: >>>>> >>>>> I.e. GOST will be available in openssl. >>>>> Under BSD-like license. >>>>> Can be this engine import in base system and enabled at time 1.1.0? >>>>> And can be GOST enabled now? >>>>> >>>> >>>> I think the wrong question is being asked here. Instead we need to focus >>>> on decoupling openssl from base so this can all be handled by ports. >>> >>> This is wrong direction with current policy. >>> ports: unsupported by FreeBSD core and securite team, no guaranted to comaptible >>> between options and applications. >>> >>> base: supported by FreeBSD core and securite team, covered by CI, >>> checked for forward and backward API and ABI compatibility. >>> >> >> Ports are supported by secteam, and recently I notice "headsup" mail >> with intention to make base openssl private and switch all ports to >> security/openssl port. > > I mean `support` is commit reviewing, auditing and etc. > Secteam do it for ports? At least CVEs are tracked. You better ask about whole list of ports secteam duties secteam themselves. > >> Adding of GOST as 3rd party plugin is technically possible in both >> (base, ports) cases, the rest of decision is up to FreeBSD openssl >> maintainers and possible contributors efforts. >> >> I need to specially point to "patches" section of the 3rd party GOST >> plugin, from just viewing I don't understand, are those additional >> openssl patches should be applied to openssl for GOST, or they are just >> reflect existent changes in the openssl. >> >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6f8ff1e9-9358-17cb-aca5-ad3abef6b616>