Date: Thu, 01 Aug 2002 13:24:25 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> Cc: Mikhail Teterin <mi+mx@aldan.algebra.com>, Alexandr Kovalenko <never@nevermind.kiev.ua>, arch@FreeBSD.ORG Subject: Re: OpenSSL vs. -lmd Message-ID: <3D4998F9.A736EA85@mindspring.com> References: <200207311641.g6VGfRWj099655@freefall.freebsd.org> <20020801143059.GA536@nevermind.kiev.ua> <200208011151.55478.mi%2Bmx@aldan.algebra.com> <3D498FB4.6987B696@mindspring.com> <20020801195640.GQ26797@madman.nectar.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jacques A. Vidrine" wrote: > > and is so mixed up > > in various code that it's hard to keep up with changes for > > security updates. > > Updating it required only some very minor build-infrastructure changes > outside of src/crypto/openssl. I'm not sure what you mean here. It is hard to update to the latest version of the code on a FreeBSD 4.6-RELEASE box. > > whereas the > > other things that come with the package can change rather > > frequently, since they speak to policy. > > I don't understand. Code which implements policy. > > Consider that it is very hard to use an updated OpenSSL (e.g. > > 0.9.7-Beta or 0.9.6e) with FreeBSD these days. > > Hmm, all versions of FreeBSD have OpenSSL 0.9.6e. Even those released before 0.9.6e was available? > I haven't looked > at 0.9.7 personally, but I can't imagine what would prevent one from > using it on FreeBSD. The same thing that prevents people from using the newer BIND resolver libraries: the code is maintained seperately from the FreeBSD project by an outside third party. > > Also consider that it's hard to build a project whose code is > > independent of FreeBSD itself, with all these interfaces in > > the base OS by default. > > If I grasp what you mean: Only for lazy programmers who don't > understand the interfaces that they are using. :-) No. I mean that I can't build something that will build on FreeBSD *and* build on some other platform, without having to inventory all of the implicitly installed packages on FreeBSD to know which OpenSSL I'm getting. > > My recommendation is to keep the "md" library. It satisfies > > the "mechanism, not policy" philosophy in a way that OpenSSL > > does not. > > I'm not sure how providing duplicate implementations of the digest > functions is useful or desirable. I'm in no hurry to ditch libmd, but > I do hope to get around to it someday. Duplicate functions aren't desirable, but someone imported the OpenSSL implementations anyway. 8-). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D4998F9.A736EA85>