Date: Tue, 4 Oct 2005 13:45:12 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Dirk Meyer <dirk.meyer@dinoex.sub.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: Valid Sender ? - Re: cvs commit: ports/security/openssl Makefile Message-ID: <20051004174511.GA22748@xor.obsecurity.org> In-Reply-To: <8AYfVTn/WV@dmeyer.dinoex.sub.org> References: <200510040735.j947Z8rb069549@repoman.freebsd.org> <200510040735.j947Z8rb069549@repoman.freebsd.org> <20051004144319.GA71102@xor.obsecurity.org> <8AYfVTn/WV@dmeyer.dinoex.sub.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--PNTmBPCT7hxwcZjr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 04, 2005 at 07:00:53PM +0200, Dirk Meyer wrote: > Kris Kennaway schrieb:, >=20 > > > Log: > > > - bump SHLIB version > > > The API of openssl 0.9.8 ist compatible but not identical. > > > This version bump might break build of all ports that try > > > to include the opessl in base at the same time. > > > That ports should be fixed. > >=20 > > This change should probably have waited until after 6.0. It's going > > to have significant follow-on effects that may prevent me from fixing > > security vulnerabilities in 6.0-RELEASE packages. Do you think this > > will not be the case? >=20 > No ... > As you might see in the cvs Revision 1.100 is tagged with RELEASE_6_0_0 > The update of openssl 0.9.8 was commited after this. And when you commit a fix to some other port and then it has a security vulnerability, I can't slip the tag without worrying whether you've broken the package on 6.0 with the previous version of openssl. Kris --PNTmBPCT7hxwcZjr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDQr+nWry0BWjoQKURAh/pAKD2fg8Kz2N9Iy8tMaJ2j9I94McQWwCgri3R ih65z9oYlXMkCvj7N0rdS9Q= =tCoW -----END PGP SIGNATURE----- --PNTmBPCT7hxwcZjr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051004174511.GA22748>