GOST in OPENSSL_BASE
Andrey Chernov
ache at freebsd.org
Mon Jul 11 22:01:35 UTC 2016
On 11.07.2016 23:13, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote:
>
>> On 11.07.2016 19:29, Slawa Olhovchenkov wrote:
>>> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
>>>
>>>>
>>>>
>>>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote:
>>>>>
>>>>> I.e. GOST will be available in openssl.
>>>>> Under BSD-like license.
>>>>> Can be this engine import in base system and enabled at time 1.1.0?
>>>>> And can be GOST enabled now?
>>>>>
>>>>
>>>> I think the wrong question is being asked here. Instead we need to focus
>>>> on decoupling openssl from base so this can all be handled by ports.
>>>
>>> This is wrong direction with current policy.
>>> ports: unsupported by FreeBSD core and securite team, no guaranted to comaptible
>>> between options and applications.
>>>
>>> base: supported by FreeBSD core and securite team, covered by CI,
>>> checked for forward and backward API and ABI compatibility.
>>>
>>
>> Ports are supported by secteam, and recently I notice "headsup" mail
>> with intention to make base openssl private and switch all ports to
>> security/openssl port.
>
> I mean `support` is commit reviewing, auditing and etc.
> Secteam do it for ports?
At least CVEs are tracked. You better ask about whole list of ports
secteam duties secteam themselves.
>
>> Adding of GOST as 3rd party plugin is technically possible in both
>> (base, ports) cases, the rest of decision is up to FreeBSD openssl
>> maintainers and possible contributors efforts.
>>
>> I need to specially point to "patches" section of the 3rd party GOST
>> plugin, from just viewing I don't understand, are those additional
>> openssl patches should be applied to openssl for GOST, or they are just
>> reflect existent changes in the openssl.
>>
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
More information about the freebsd-current
mailing list