Date: Fri, 11 Dec 2020 12:13:31 -0800 From: Benjamin Kaduk <kaduk@mit.edu> To: Franco Fichtner <franco@lastsummer.de> Cc: Martin Simmons <martin@lispworks.com>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-20:33.openssl Message-ID: <20201211201331.GJ64351@kduck.mit.edu> In-Reply-To: <612054DD-F857-455F-AF49-695A910A0D81@lastsummer.de> References: <202012111219.0BBCJYSf000629@higson.cam.lispworks.com> <612054DD-F857-455F-AF49-695A910A0D81@lastsummer.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Franco, On Fri, Dec 11, 2020 at 01:28:43PM +0100, Franco Fichtner wrote: > > > On 11. Dec 2020, at 13:20, Martin Simmons <martin@lispworks.com> wrote: > > > > > > I'm talking about the binary packages from pkg.FreeBSD.org. Don't they always > > use the base OpenSSL at the moment? > > Yes, and if it would be built against ports OpenSSL you can no longer build against LibreSSL locally. > > In OPNsense we do build against ports OpenSSL for upgrade ease, but we also offer a second set of packages for LibreSSL. > > For the normal FreeBSD user defaulting packages against OpenSSL from ports would be severely limiting their capability to deviate from this with one-off builds and most cannot or will not run their own poudriere batch. > > Effectively, using the second tier crypto to emulate the first tier crypto would trash the second tier for everyone else. Could you please clarify what you mean by "second tier crypto" and "first tier crypto"? I'm having a hard time understanding this statement. Thanks, Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201211201331.GJ64351>