Date: Wed, 13 May 2015 14:09:49 -0700 From: Yuri <yuri@rawbw.com> To: "ports@freebsd.org" <ports@freebsd.org> Cc: Carmel NY <carmel_ny@outlook.com> Subject: Re: www/firefox really depends on security/openssl? Message-ID: <5553BD9D.50900@rawbw.com> In-Reply-To: <BLU436-SMTP104BFED1CE268833F4D24E080D90@phx.gbl> References: <20150509125643.0bda93e6@kirk.drpetervoigt.private> <554EEBB5.8010304@rawbw.com> <20150511202110.34e6e29c@kirk.drpetervoigt.private> <55510C22.9050900@rawbw.com> <20150512000259.32a44ec4@kirk.drpetervoigt.private> <55512E8F.8040508@rawbw.com> <20150512022857.7230c163@kirk.drpetervoigt.private> <55515251.5040503@rawbw.com> <20150512112505.5f36f0b2@kirk.drpetervoigt.private> <5551DB5A.7090508@rawbw.com> <20150513012435.1912fdc2@kirk.drpetervoigt.private> <BLU436-SMTP104BFED1CE268833F4D24E080D90@phx.gbl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 05/13/2015 04:11, Carmel NY wrote: > The most reliable method to eliminate this, for lack of a better word > "bullshit", would be for FreeBSD to keep the "base" system "openssl" > version" up-to-date. It is apparent to even the most casual observer that > the present method of allowing to different versions of such an important > application on the same system without a fail proof method of choosing which > version to use as you have demonstrated is truly counter productive to a > "stable" environment. Even keeping the base up-to-date won't necesarily work, since mixing of two copies of the same shared lib from different locations may, and probably will cause faulty behavior due to static variables, among other reasons. Base OpenSSL should be used for one thigs, and port - for others. Isolation is important. I raised this conversation on Apr 1 here, but apparently this important issue is still not resolved. I can't do this myself, because the patch will be likely touching ~100 places, and people who commit it will have to go through all the details, and essentially redo all the thinking. I can't even get simple and obvious stage-qa checks to be checked in. Likely because they aren't exciting enough. People are attracted to exciting stuff. Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5553BD9D.50900>