Date: Fri, 18 Dec 2015 15:21:13 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: freebsd-current@freebsd.org Subject: Base Packaging in 11
| raw e-mail | index | archive | help
Forwarding this from freebsd-security in case anyone here can update us regarding the status of base packaging or has URLs for projects/release-pkg. Roger >Date: Fri, 18 Dec 2015 14:21:04 -0800 (PST) >To: freebsd-security@freebsd.org >Subject: Re: [OpenSSL] /etc/ssl/cert.pem not honoured by default > >rhi wrote: >>> Until now, I have avoided installing the OpenSSL port because the base >>> OpenSSL gets security updates via freebsd-update and so it's one thing less >>> to care about... also, I don't like the idea of having two different >>> versions of the same thing on the system > >A fair number of sites have this issue, particularly with ssl and ssh >binaries. IME this one of FreeBSD's more longstanding administrative and >security weaknesses. It is paricularly painful for those of us who have >to support a release for several years (after the last base update). > >>> Or is it recommended to let ports use the port OpenSSL, so that base OpenSSL >>> is only used for the system itself? > >If you need the most recent ciphers and protocols you'll normally need to >use the port. Features are backported from the (higher) port version to >the base version i.e., without bumping the version string, however, it's >not clear whether all applications can take advantage of them. > >Matthew Seaman wrote: >> There are plans to make many of the base system shlibs private and that >> includes switching the ports to use openssl from ports, but I don't think >> any changes along those lines are really imminent. > >Are you Sure? 3 months ago DES thought they'd be ready for 11: > > > The plan is for 11 to have a fully packaged base system. There should > > be some information in developer summit reports on the wiki. The code > > is in projects/release-pkg. > >However I don't see a projects/release-pkg dir in -CURRENT. > >Any recommendations as to how we might help this particular effort?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>