On 7/8/16 12:20, Grzegorz Junka wrote:
>
> The only reason I heard why base isn't updated with the proper package
> from ports is because of security implications. Older versions are more
> security-tested and therefore safer. If there is a vulnerability in the
> base it's much more hassle to update the base than ports.

Not necessarily safer -- for instance on FreeBSD 9.x the base system OpenSSL is EoL'ed by upstream, and therefore the security fixes are backported by secteam@ in a case-by-case manner. Generally speaking, newer code is safer and supports newer standards, and we recommend ALL users who are still on FreeBSD 9.x to use the port version of OpenSSL.

The only possible problem with defaulting to port OpenSSL that I can think of is some DLL hell style issue. If a base system library links against OpenSSL, then gets linked into a port binary which links to port OpenSSL, we may see problems. For instance, some utilities depend on libarchive, and libarchive depends on libcrypto (OpenSSL). If it loads an OpenLDAP client (i.e. through an NSS module) that depends on the port version of libcrypto, there _may_ be problems.

Cheers,
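
Added example, not part of the original message: a small check for the mixed-library situation described above, where one binary ends up with both the base and the port copy of libcrypto or libssl. The function name `mixed_openssl`, the sample binary, and the paths and soname numbers in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Reads ldd-style lines on stdin and reports whether libcrypto or libssl
# is mapped from more than one file path.
# Prints one "MIXED <lib>: <path> <path>..." line per conflict.
# Returns 1 if any conflict was found, 0 otherwise.
mixed_openssl() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /\/lib(crypto|ssl)\.so[.0-9]*$/) {
                path = $i
                name = path
                sub(/.*\//, "", name)      # strip directory
                sub(/\.so.*/, "", name)    # libcrypto.so.6 -> libcrypto
                if (!((name, path) in seen)) {
                    seen[name, path] = 1
                    count[name]++
                    paths[name] = paths[name] " " path
                }
            }
        }
    }
    END {
        bad = 0
        for (n in count)
            if (count[n] > 1) { print "MIXED " n ":" paths[n]; bad = 1 }
        exit bad
    }'
}

# Constructed sample: a port binary pulling in base libarchive (base
# libcrypto) and port OpenLDAP (port libcrypto). Values are illustrative.
sample_mixed() {
    cat <<'EOF'
/usr/local/bin/example:
    libarchive.so.5 => /usr/lib/libarchive.so.5 (0x800800000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x800a00000)
    libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x800e00000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x801000000)
EOF
}

# Constructed sample: a binary that only sees the base libcrypto.
sample_clean() {
    cat <<'EOF'
/usr/bin/example:
    libarchive.so.5 => /usr/lib/libarchive.so.5 (0x800800000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x800a00000)
EOF
}

sample_mixed | mixed_openssl || true
```

On a real system the input would come from `ldd /path/to/binary | mixed_openssl`. `ldd` does not list modules loaded at run time (such as the NSS module case mentioned above), so for a running process the same filter can be fed the output of `procstat -v <pid>`.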