From owner-freebsd-newbies@FreeBSD.ORG Mon Mar 22 10:33:14 2004
Message-ID: <405F3163.5080108@nbritton.org>
Date: Mon, 22 Mar 2004 12:33:07 -0600
From: Nikolas Britton
To: Ash Gokhale, freebsd-newbies@freebsd.org
References: <002101c40ea7$8d9ab470$6c01a8c0@sal> <8FABFD6B-7C1E-11D8-8E5E-00039383C51E@noaa.gov>
In-Reply-To: <8FABFD6B-7C1E-11D8-8E5E-00039383C51E@noaa.gov>
Subject: Re: FreeBSD-newbies is a community.
List-Id: Gathering place for new users

Ash Gokhale wrote:

> The crypto (libcrypto) framework is a set of algorithms, code,
> headers and libraries that allow your machine to encrypt and decrypt
> traffic bound for where someone might want to read, alter or forge it,
> and you don't want them to. There are places where it is not legal to
> use or export some of this technology; find out if you live in one.
>
> OpenSSL is a part of that framework. To think you run a secure
> machine, you must convince yourself that it's secure on all levels.
> All the applications on your machine look to libcrypto to provide
> security services. It's the engine for packages like SSH
> and Apache/SSL. Above the hardware and the kernel, it's the basis for
> all the crypto on the machine. Newer versions of applications require
> current versions of libcrypto to resist attacks based on known bugs.
>
> Ports is easy. By building out of ports you are leveraging other
> people's work, but you might not say with high confidence that the
> ports system builds libcrypto to your level of paranoia. If you can
> conceive of some malicious person slipping something bad into the
> repository (it has happened to other OS's), you may want to build it
> yourself.

I dunno, that seems kinda flawed to me; can you guarantee with high
confidence that a malicious person didn't slip something into the source
code at the source?

> Building it yourself is the other option. Before there was a ports
> tree, you had to build it all by hand; in doing so you learn much
> about your machine and the thousands of ways to break it. OpenSSL.org
> makes the signed source code available, which you can be reasonably
> sure has not been tampered with. When you get good at the process you
> can commit your own port to the ports tree.

Besides the educational factor, you can never be 100% certain that what
you built isn't already compromised unless you do everything yourself,
from scratch. This essentially mutes the whole point of not using the
port; your time would be better spent auditing the ports patch code.
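
As an added example that is not part of the original thread: a port pins the upstream tarball by digest and size in its `distinfo` file, so the fetched source can be checked against that record before any patches are applied. The sketch below assumes the current `SHA256 (name) = hex` / `SIZE (name) = bytes` record layout; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a fetched source tarball against the digest and
# size recorded in a ports-style distinfo file. Function names are
# hypothetical; the record layout is the assumption stated in the lead-in.

# Compute a SHA-256 hex digest with whichever tool this system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Print the value of a "KEY (name) = value" record.
# usage: distinfo_field KEY NAME DISTINFO
distinfo_field() {
    awk -v k="$1" -v n="($2)" \
        '$1 == k && $2 == n && $3 == "=" { print $4; exit }' "$3"
}

# Return 0 only if size and digest both match, 1 on mismatch,
# 2 if distinfo has no record for the file.
# usage: verify_distfile DISTINFO FILE
verify_distfile() {
    name=$(basename "$2")
    want_sum=$(distinfo_field SHA256 "$name" "$1")
    want_size=$(distinfo_field SIZE "$name" "$1")
    if [ -z "$want_sum" ] || [ -z "$want_size" ]; then
        echo "no distinfo record for $name" >&2
        return 2
    fi
    have_size=$(wc -c < "$2" | tr -d ' ')
    [ "$have_size" = "$want_size" ] || { echo "size mismatch for $name" >&2; return 1; }
    have_sum=$(sha256_of "$2")
    [ "$have_sum" = "$want_sum" ] || { echo "digest mismatch for $name" >&2; return 1; }
    echo "OK $name"
}
```

A match shows only that the file is the one the port maintainer recorded; whether those bytes and the port's patches are trustworthy is still a matter of review.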