Date: Mon, 29 Aug 2016 10:15:18 +0100
From: Chris <chrcoluk@gmail.com>
To: Dirk Meyer <dirk.meyer@dinoex.sub.org>
Cc: ports@freebsd.org, ports-secteam@freebsd.org
Subject: Re: Upcoming OpenSSL 1.1.0 release
Message-ID: <CAOhm=5rwsmwyMdALgfxMjTU4=jNPrLk%2BMhUj=Zu5OqeyRN9r6Q@mail.gmail.com>
In-Reply-To: <X7caW0vTrN@dmeyer.dinoex.sub.org>
References: <6d35459045985929d061f3c6cca85efe@imap.brnrd.eu> <0E328A9485C47045F93C19AB@atuin.in.mat.cc> <CAOhm=5pPvKeJV5VHkdnDj=5nE73mH=gv7Z=240bfG6AwKzKvOg@mail.gmail.com> <X7caW0vTrN@dmeyer.dinoex.sub.org>

Dirk, it won't be as messy as the havoc it can cause on production machines.

There are several ports which have multiple versions without a mess. I do not see why openssl would be any different, as the version used can be put in the make.conf.

I just had a quick glance at the 1.2 changelog, and it will be a bad idea to put this in ports replacing 1.0.2. 1.0.2 is an LTS release, and in addition 1.1.10 disables RC4 and 3DES. Whilst those ciphers are old, there are legitimate reasons for sysadmins to support use of those ciphers for a while longer.

Remember we don't all run FreeBSD as a hobby; some of us use this in production, where we are responsible for making sure things work in a commercial environment. Decisions have to be made carefully with this in mind.

Also, 1.1.0 is not fully backwards compatible with 1.0.x, meaning everything compiled against it has to be recompiled, which was not the case when moving upwards on minor version revisions. It seems not much thought has been put into these gotchas, as I saw an upgrade was attempted only yesterday.

So I stress again, openssl needs two separate ports, one for 1.1.x and another for 1.0.x.

On 23 August 2016 at 12:09, Dirk Meyer <dirk.meyer@dinoex.sub.org> wrote:
>
>
>> I am excited about openssl 1.1 but I am not sure if it is right to just
>> jump the security/openssl port to it, maybe make a new
>> security/openssl11 port?
>>
>> Or move the default port but add a new security/openssl10 port for 1.0.2.
>
> this would only increase the mess we have,
> and create only more conflicts between libssl.so versions.
>
> We have done this for openssl 0.9x before, not with good results.
>
> kind regards Dirk
>
> - Dirk Meyer, Im Grund 4, 34317 Habichtswald, Germany
> - [dirk.meyer@dinoex.sub.org],[dirk.meyer@guug.de],[dinoex@FreeBSD.org]