> On 02 Jun 2015, at 16:50, Kimmo Paasiala <kpaas...@gmail.com> wrote: > > Even if the base system OpenSSL was modularized using pkg it would be > still subject to ABI stability requirements. In other words it would > be stuck at the version or versions that are 100% ABI compatible with > one installed initially on the first minor version of the same major > version line. Only critical security fixes would be backported to it > exactly as it is done now with the base system OpenSSL.
OpenSSL base is only used by base, unexposed. All ports are built against OpenSSL from ports. I don’t see the ABI problem. pkgng takes care of updating shared library dependencies and ABI changes. We can already move OPNsense installations from OpenSSL to LibreSSL and back without a flinch. The real issue are hand-rolled production systems that rely on a stable crypto API because someone did not want to add a ports/packages workflow to implement proper dependency tracking. I don’t think that has worked out particularly well. ;) Cheers, Franco _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
