Date:      Mon, 22 Mar 2004 11:32:50 -0500
From:      Ash Gokhale <ash.gokhale@noaa.gov>
To:        "Sally Hines" <shines@smaller.net>
Cc:        freebsd-newbies@freebsd.org
Subject:   Re: FreeBSD-newbies is a community.
Message-ID:  <8FABFD6B-7C1E-11D8-8E5E-00039383C51E@noaa.gov>
In-Reply-To: <002101c40ea7$8d9ab470$6c01a8c0@sal>
References:  <002101c40ea7$8d9ab470$6c01a8c0@sal>

	The crypto (libcrypto) framework is a set of algorithms, code, 
headers and libraries that allow your machine to encrypt and decrypt 
traffic bound for where someone might want to read, alter or forge it, 
and you don't want them to. There are places where it is not legal to use 
or export some of this technology; find out if you live in one.
	
	OpenSSL is a part of that framework. To think you run a secure machine, 
you must convince yourself that it's secure on all levels. All the 
applications on your machine look to libcrypto to provide security 
services. It's the engine for packages like SSH and 
Apache/SSL. Above the hardware and the kernel, it's the basis for all 
the crypto on the machine. Newer versions of applications require 
current versions of libcrypto to resist attacks based on known bugs.

	Ports is easy. By building out of ports you are leveraging other 
people's work, but you might not say with high confidence that the ports 
system builds libcrypto to your level of paranoia. If you can conceive 
of some malicious person slipping something bad into the repository (it 
has happened to other OS's), you may want to build it yourself.

	Building it yourself is the other option. Before there was a ports 
tree, you had to build it all by hand; in doing so you learn much about 
your machine and the thousands of ways to break it. OpenSSL.org makes 
the signed source code available, which you can be reasonably sure has 
not been tampered with.  When you get good at the process you can commit 
your own port to the ports tree.

> btw: I would not build _my_ crypto framework from ports. *wink
btw: Adding this btw in this manner is called a troll.

On Mar 20, 2004, at 1:17 PM, Sally Hines wrote:

> What does it mean? You would not build your crypto framework from 
> ports?
> What is crypto framework?
> Why not ports?
> What options are there?
Ash Gokhale
System Administration Lead,
NOAA/MDL


