ports requiring OpenSSL not honouring OpenSSL from ports

Greg Troxel gdt at ir.bbn.com
Mon Apr 28 14:12:03 UTC 2014


Paul Hoffman <paul.hoffman at vpnc.org> writes:

> On Apr 27, 2014, at 8:08 AM, Jamie Landeg-Jones <jamie at dyslexicfish.net> wrote:
>
>> Basically what I'm asking: Shouldn't a port that uses OpenSSL *always*
>> build against the port if it's installed?
>
> Yes, that is a reasonable expectation. I certainly had it in my head
> when I rebuilt Sendmail+TLS after heartbleed, but I didn't think of
> checking it.

I can see your point, but simply using a package that is installed
violates one of the basic design points of packaging systems.  The built
package should not depend on the environment in ways that are not
expressed within packaging metadata.

In pkgsrc (NetBSD), pkgsrc openssl can be used.  But, there is a
calculated default (per platform) of whether the builtin version is good
enough.  Currently, netbsd-5's 0.9.9 is deemed too crufty (due to
features; this is not about heartbleed).  There are also variables to
set to prefer/use pkgsrc openssl even if builtin is deemed adequate, for
people that want to build that way.
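
The check Paul Hoffman mentions not having made after his rebuild, as an added example that is not part of the original message: a shell function that reads `ldd` output and reports whether libssl/libcrypto resolve from the base system, from ports, or from a mix of both. It assumes the FreeBSD layout (base libraries in /lib and /usr/lib, ports under LOCALBASE, default /usr/local); the function names, sample `ldd` lines and library versions are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: base libraries live in /lib and /usr/lib,
# ports libraries in ${LOCALBASE:-/usr/local}/lib (FreeBSD layout).

# Read `ldd` output on stdin; print base, ports, mixed, other or none.
classify_openssl() {
    awk -v localbase="${LOCALBASE:-/usr/local}" '
        # Dependency lines: "libssl.so.7 => /usr/lib/libssl.so.7 (0x...)"
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ {
            if (index($3, localbase "/lib/") == 1) ports++
            else if ($3 ~ /^\/(usr\/)?lib\//) base++
            else other++
        }
        END {
            if (ports && (base || other)) print "mixed"
            else if (ports) print "ports"
            else if (base) print "base"
            else if (other) print "other"
            else print "none"
        }'
}

# Hypothetical wrapper for a real binary: check_binary /path/to/binary
check_binary() { ldd "$1" | classify_openssl; }

# Constructed ldd output (paths and library versions are illustrative).
SAMPLE_BASE='/usr/local/sbin/sendmail:
    libssl.so.7 => /usr/lib/libssl.so.7 (0x800a5e000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x800cc9000)
    libc.so.7 => /lib/libc.so.7 (0x8010c0000)'
SAMPLE_PORTS='/usr/local/sbin/sendmail:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a5e000)
    libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800cc9000)
    libc.so.7 => /lib/libc.so.7 (0x8010c0000)'
SAMPLE_MIXED='/usr/local/sbin/sendmail:
    libssl.so.8 => /usr/local/lib/libssl.so.8 (0x800a5e000)
    libcrypto.so.7 => /lib/libcrypto.so.7 (0x800cc9000)
    libc.so.7 => /lib/libc.so.7 (0x8010c0000)'

# Stand-alone run: classify each constructed sample.
for s in "$SAMPLE_BASE" "$SAMPLE_PORTS" "$SAMPLE_MIXED"; do
    printf '%s\n' "$s" | classify_openssl
done
```

A `mixed` result after a rebuild means the binary still resolves at least one OpenSSL library from outside ports.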
