Date: Wed, 11 Jun 2014 17:14:16 +0200
From: Dan Lukes <dan@obluda.cz>
To: freebsd-security <freebsd-security@freebsd.org>
Subject: Re: OpenSSL end of life
Message-ID: <53987248.5050103@obluda.cz>
In-Reply-To: <539860DE.9080609@FreeBSD.org>
References: <CAG5KPzyYzcu0qF9m2Fjgh7tTC=RrSMpxzHiDX5zD8_U_aB8k2A@mail.gmail.com> <5398482C.7020406@obluda.cz> <CAG5KPzxQm1ayF=p5pAsttHvxoAOFvNTvxhe6AS-auX27mxdywg@mail.gmail.com> <539859BC.2050303@obluda.cz> <539860DE.9080609@FreeBSD.org>
On 06/11/14 15:59, Jonathan Anderson:
> Once we officially move to the 5-year branch lifetime

5-year? In such a case, the content of /usr/src/contrib needs to be reevaluated very carefully. OpenSSL is not the only external library here ...

> It seems to me that the only solution is to remove the ABI promise on OpenSSL: move the base system's libcrypt.so into /usr/lib/private.

You are proposing to change the meaning of the words "patch" and "upgrade". Sure, if we call some upgrades patches, then the version number need not be bumped, so we can reach the 5-year lifetime magically. But it's just magic with words.

I prefer a different approach. If we can't maintain a 5-year lifetime, then we can't declare it just by tricks.

OK, I have no problem with such kind of black magic. As long as I know the meaning of the words, I can understand the sentences. I will translate the "5-year lifetime" label to something I will understand.

Note - English is not my native language. The text above is not an offense in any way. It explained how I understood the solution you mentioned. Although I don't prefer this kind of solution, I can live with it if necessary.

I prefer the other solution mentioned in the thread. We need to support a particular version of OpenSSL by ourselves during the lifetime of a particular release.

Despite such self-support, I would like to recommend that OpenSSL releases have a lifetime declared at their release time. It may be extended (by a known amount of time) before it expires if there is no newer release ready.

Dan