From: Benjamin Kaduk
To: Franco Fichtner
cc: Kimmo Paasiala, freebsd-security
Date: Mon, 1 Jun 2015 14:00:52 -0400 (EDT)
Subject: Re: scope of private libraries

On Mon, 1 Jun 2015, Franco Fichtner wrote:

> As a side note, does pkgng really have to depend on base
> OpenSSL; does it have to depend on a full-blown SSL library?

Yes.

-Ben

(From IRC:)
efnet / #bsddev / bjk 13:17 () In particular, Franco asked "does pkg really need to depend on openssl from base?"
efnet / #bsddev / bjk 13:17 () To which I believe the answer is "yes", but am not authoritative
efnet / #bsddev / bapt 13:48 (bapt!~bapt@ns3301091.ip-178-32-217.eu) bjk: I'm not reading but the answer is yes
efnet / #bsddev / bapt 13:48 (bapt!~bapt@ns3301091.ip-178-32-217.eu) pkg needs openssl
efnet / #bsddev / bapt 13:48 (bapt!~bapt@ns3301091.ip-178-32-217.eu) because of rsa keys
efnet / #bsddev / bapt 13:48 (bapt!~bapt@ns3301091.ip-178-32-217.eu) because of sha256 as well
efnet / #bsddev / bapt 13:48 (bapt!~bapt@ns3301091.ip-178-32-217.eu) well this one could be replaced by libmd but it is way slower
efnet / #bsddev / bapt 13:49 (bapt!~bapt@ns3301091.ip-178-32-217.eu) also without openssl no https support