From owner-freebsd-security@FreeBSD.ORG Tue Apr 8 18:39:06 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 24090E4E for ; Tue, 8 Apr 2014 18:39:06 +0000 (UTC) Received: from smtp.peterschmitt.fr (smtp.peterschmitt.fr [IPv6:2a01:4f8:a0:72c8:4224::1]) by mx1.freebsd.org (Postfix) with ESMTP id DA4EE1344 for ; Tue, 8 Apr 2014 18:39:05 +0000 (UTC) Received: from [192.168.1.121] (89-159-92-168.rev.dartybox.com [89.159.92.168]) by smtp.peterschmitt.fr (Postfix) with ESMTPSA id 68D0E60157; Tue, 8 Apr 2014 20:38:56 +0200 (CEST) Message-ID: <5344427B.3060205@peterschmitt.fr> Date: Tue, 08 Apr 2014 20:39:55 +0200 From: Florent Peterschmitt User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.4.0 MIME-Version: 1.0 To: Mark Boolootian , Chris Nehren Subject: Re: FreeBSD's heartbleed response References: <20140408174210.GA5433@behemoth> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="11MNtLLRpTkaGt8fXSOl2JRM7aJDRivFe" Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 18:39:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --11MNtLLRpTkaGt8fXSOl2JRM7aJDRivFe Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 08/04/2014 19:46, Mark Boolootian wrote: > While it may not be quite what you're looking for, ports contains > OpenSSL 1.0.1g. Why not moving critical parts of the basesystem to ports, that will be installed at system installation of course? It was one of the reasons to get BIND out from sysbase, but since their is a fresh new and powerful package manager, I think FreeBSD should rely on them instead on persisting to keep all sort of stuffs into the base. An "openssl-current" and an "openssl-stable", both providing "openssl" (an of course conflicting between each other) can be a good solution, nop= e? FreeBSD should be split in packages over the time, I think. And splitting it is not a synonym of a "not coherent system" ;) If you tell me FreeBSD should be and will always be delivered as tarballs/svn/freebsd-update, well, at least freebsd-update is a bit slow but still works. --11MNtLLRpTkaGt8fXSOl2JRM7aJDRivFe Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQIcBAEBAgAGBQJTREJ+AAoJEFr01BkajbiBvmQP/i1qSwvVVhs582+WOlxkunhz FfNhhFanCllls9AZM8GfqyYhPd3r3qo7xm8Z8nWYre2DO+gzPcBH0WG0hZCt58of KAn8NXGecwIwSTX5O8JTNEARiQvAJ01rypkzFBOLO5UgqPCWf7eaP6yqdX9afoHc ZhZm/vdoJp36X/FpPRXiVbCPPdzWG7WjvqABgv/Fb2EAtIo7nWyeg+tYJbZUf9+N zEmlK/STg828bKrTM0658FCQzZvf3r1dXMjc3jtjbZVypuDXggjL0PE4qG5MisqT cEYSUDaYEKMVCY5B8l7jMyEgzssDsqwB66ZYrWf95hMvgNvijd1z6efOHpO+xrXL 1ddPdyHnU3AjeBB0q9oENIbyEdowkjYAQZ6FSTePzUMigiEdMBxVwEQnlPIgLW+t 8f1mScr2PO282jPXsBNjWZAjxPlq1+JZ2Vi6jbNTsolUgBAzYcH7JqgZHR3JjqIX EUnn43CZnbkxmONy8P+hmNW5vHTIqYpaayVa+87MCGCDCK1YBuvD5nlqRrFuqqfW 62/hzZ3YmGwV3sBMmOUdfSAyiOz2JBAl8lUS37Am65JUJWqVcr3izGnfkxGt46hX m6Hh5kPGQqDqjcHhsO8MoQ0NqSjEdBQWI51/5JAdVWKk0+nPL0t9Aq5bttPQPbsq fDQqfj5PeULuVqyb5f/v =d8bX -----END PGP SIGNATURE----- --11MNtLLRpTkaGt8fXSOl2JRM7aJDRivFe--