> -----Original Message----- > From: J Harper [mailto:[EMAIL PROTECTED] > Sent: Thursday, 10 June 2004 20:39 > To: [EMAIL PROTECTED] > Subject: Re: Problems installing OpenSSL on Linux > > > This is an informative post, thank you. I'd like to add that > this is one of > the huge problems with RedHat's library and dependencies > configuration. > Manually weeding through the dependencies by hand to install > a new version > of OpenSSL from source is very difficult, and upgrading an > entirely new > kernel and OS seems completely ludicrous to have timely > security updates. > Production systems that are tested and have been running for > months/years > can't go through this process each time a critical security update for > OpenSSL is released. > > The OpenSSL team does a fine job of acknowledging and fixing security > issues, but if users of the most popular Linux distribution > can't use them, > it seems like a huge issue. Is there a workaround we don't > know about? How > well do other distributions handle this? Ideally you could just use > apt-get, and have the latest version installed. > > J Harper > PeerSec Networks > http://www.peersec.com >
Actually in my experience (which goes back to compiling openssl and apache on Red Hat BEFORE they were included in the OS) sticking with Red Hat's RPMs is always easier than trying to roll your own generic installations. The only restriction on using the Red Hat openssl are that certain ciphers are not included due to US patent restrictions. In fact, it is Red Hat's stated policy that they "backport" patches rather than add new "features". That does mean that version numbers differ from the latest version, which is frankly a minor inconvenience. Details of all of this and how to build openssl without patent restrictions on your systems is in the openssl FAQ. -- John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] I don't know which is worse. The makers of soap operas thinking they portray real life or those that watch them thinking it is real life! -- DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
