Date: Wed, 06 Apr 2016 19:35:08 +0200
From: Michelle Sullivan <michelle@sorbs.net>
To: Jim Ohlstein <jim@ohlste.in>, Mathieu Arnold <mat@FreeBSD.org>
Cc: Kurt Jaeger <lists@opsec.eu>, Martin Waschbüsch <martin@waschbuesch.de>, ports@freebsd.org
Subject: Re: Committer needed for PR 208029
Message-ID: <570548CC.6000709@sorbs.net>
In-Reply-To: <57054338.2000702@ohlste.in>
References: <498CA3F8-15EF-45BD-880C-241F83CBE3DD@waschbuesch.de>
 <20160405185159.GK35640@home.opsec.eu>
 <20160405200835.GM35640@home.opsec.eu>
 <57042958.5010701@sorbs.net>
 <C96569DA-ADC5-4BE0-819A-7375C3F50D8E@waschbuesch.de>
 <20160406044431.GO35640@home.opsec.eu>
 <570517F1.5020305@ohlste.in>
 <C370FD7BEFFDA8136306B7AD@ogg.in.absolight.net>
 <261A33F8-4884-48B4-9152-4AD9CBC2CE3F@ohlste.in>
 <0DD478F6916BDE9C42FC4EAA@ogg.in.absolight.net>
 <57054338.2000702@ohlste.in>

Jim Ohlstein wrote:
> Hello,
>
> On 4/6/16 12:39 PM, Mathieu Arnold wrote:
>> +--On 6 avril 2016 12:00:47 -0400 Jim Ohlstein <jim@ohlste.in> wrote:
>> | Hello,
>> |
>> |> On Apr 6, 2016, at 11:37 AM, Mathieu Arnold <mat@FreeBSD.org> wrote:
>> |>
>> |> +--On 6 avril 2016 10:06:41 -0400 Jim Ohlstein <jim@ohlste.in> wrote:
>> |> | Hello,
>> |> |
>> |> | On 4/6/16 12:44 AM, Kurt Jaeger wrote:
>> |> |> Hi!
>> |> |>
>> |> |>> Actually, I just noticed (when compiling the port), that the Makefile
>> |> |>> now says:
>> |> |>>
>> |> |>> WITH_OPENSSL_PORT=yes
>> |> |>
>> |> |> Yes, sorry, my fault. Fixed, and as suggested by mat: It is
>> |> |> now as IGNORE with a message explaining how to do it for 9.x.
>> |> |>
>> |> |
>> |> | This is much ado about nothing. The "WITH_OPENSSL_PORT" option is there
>> |> | for just this purpose and is used in many ports.
>> |>
>> |> No, the WITH_OPENSSL_PORT knob is a global one, and must not be used in
>> |> ports makefiles. The fact is, there are ports using it, true, it does
>> |> not mean it is the right thing to do.
>> |>
>> |
>> | Then there are many ports being committed incorrectly, as well as, no
>> | doubt, many *official* packages.
>> |
>> | I really have no dog in this fight. I use it globally and build all of my
>> | own packages with poudriere, but either it shouldn't be there at all, or
>> | it should be ok to use. Having it available as an option to porters and
>> | then saying it shouldn't be used seems a bit silly.
>>
>> Well, it is not available for the porters as it is a global directive, they
>> use it anyway.
>>
>> Anyway, like I said, working on it.
>>
>
> Maybe an edit to portlint is in order. That way they might know. As of
> now, portlint does not so much as emit a warning.
>
> I don't entirely disagree with the premise that all ports that require
> OpenSSL should be built against the version in ports. As I said, I do
> it and it also makes port maintenance simpler. However, as long as it
> is actually an option, as it is now, then it should be availed when
> desired.

I don't agree or disagree for what it's worth... What I do say though is
wherever possible all ports should be compiled against one version..
of course GSSAPI support is a 'special case' in point that might have to
break that rule of thumb.

>
> Further down the road (but not all that far) I foresee other, perhaps
> bigger problems if using this strategy. OpenSSL 1.1.0 is in beta and
> will be released within the next month or two. It is not completely
> backward compatible.

100% there...!

> At some point it will become the official ports version and/or two
> versions will need to be maintained in ports, 1.0.2 (LTS until 2019)
> and 1.1.x. This will create the problem of some/many ports not
> building against 1.1.x and some ports or port options _requiring_
> 1.1.x. Assuming 1.1.x is the main OpenSSL in ports, there will be
> ports that would build properly against OpenSSL in base (but cannot be
> built that way if using the ports version is mandated), and do not
> compile against OpenSSL 1.1.x. Most can no doubt be patched, but
> waiting for upstream providers to do so may be problematic, and many
> porters lack the skills.
>

Personally I'm surprised there is not more than one major version of
openssl in the ports tree already.. perhaps there should be...

-- 
Michelle Sullivan
http://www.mhix.org/