Mark Felder wrote:

> In the future FreeBSD's base libraries like OpenSSL hopefully will be private: only the base system knows they exist; no other software will see them. This will mean that every port/package you install requiring OpenSSL will *always* use OpenSSL from ports/packages; no conflict is possible.
That's one way of approaching it but there are drawbacks to this method. Maintaining two sets of binaries and libraries that must be kept separate (using what kind of ACLs?) adds complexity. Complexity is the enemy of security.

Another option is a second openssl port, one that overwrites base and guarantees compatibility with RELEASE. Then we could at least have all versions of openssl in vuln.xml (not that that's been a reliable indicator of security of late).

Roger Marquis

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security