From: Guido Falsi
Date: Sat, 9 Jul 2016 23:14:04 +0200
Subject: Re: base components should always be default (Re: change in default openssl coming)
To: freebsd-ports@freebsd.org
Message-ID: <25fc6bb5-a4ae-34cc-818f-37bae2e0fa10@madpilot.net>

On 07/09/16 22:40, Thierry Thomas wrote:
> On Sat 9 Jul 16 at 20:35:59 +0200, Guido Falsi wrote:
>
>> But that option will not change the basic problem of how the OS is
>> developed. FreeBSD base will anyway include OpenSSL even though users
>> can choose (and have been able to for a long while) to not install it.
>
> But with a packaged base, OpenSSL from base and OpenSSL from ports could
> be merged.
>

Don't think that's an option. Having base depend on a port which can
change below it would be a major cause of instability. Also the port's
OpenSSL could change API/ABI at any time, while base software cannot
follow such a schedule. Base software requires a stable API, and needs
to be tested each time the library below it changes.

I think the only viable solution to this is making base OpenSSL a
private library not exposed externally (like other libraries in base) so
it is decoupled. As I said this would remove the need for stability of
the exposed ABI/API allowing base to update it whenever it's needed, and
also migrating to another implementation if that's what developers
choose to do.

This is also complicated by ports having mixed requirements. Certain
ported software depends on the latest and greatest SSL library, others
depend on older APIs, so ports have to cater for these needs too, which
are in sharp contrast with base ones.

I agree that packaged base anyway helps with making openssl private.

The point is, ports have a need to allow for linking with a vast array
of SSL libraries (two versions of OpenSSL and the various LibreSSL,
PolarSSL and others), base needs a stable one with tested compatibility
at each slightest change.

-- 
Guido Falsi