Committer needed for PR 208029
jim at ohlste.in
Wed Apr 6 17:11:24 UTC 2016
On 4/6/16 12:39 PM, Mathieu Arnold wrote:
> +--On 6 avril 2016 12:00:47 -0400 Jim Ohlstein <jim at ohlste.in> wrote:
> | Hello,
> |> On Apr 6, 2016, at 11:37 AM, Mathieu Arnold <mat at FreeBSD.org> wrote:
> |> +--On 6 avril 2016 10:06:41 -0400 Jim Ohlstein <jim at ohlste.in> wrote:
> |> | Hello,
> |> |
> |> | On 4/6/16 12:44 AM, Kurt Jaeger wrote:
> |> |> Hi!
> |> |>
> |> |>> Actually, I just noticed (when compiling the port), that the Makefile
> |> |>> now says:
> |> |>>
> |> |>> WITH_OPENSSL_PORT=yes
> |> |>
> |> |> Yes, sorry, my fault. Fixed, and as suggested by mat: It is
> |> |> now as IGNORE with a message explaining how to do it for 9.x.
> |> |>
> |> |
> |> | This is much ado about nothing. The "WITH_OPENSSL_PORT" option is there
> |> | for just this purpose and is used in many ports.
> |> No, the WITH_OPENSSL_PORT knob is a global one, and must not be used in
> |> ports makefiles. The fact is, there are ports using it, true, it does
> |> not mean it is the right thing to do.
> | Then there are many ports being committed incorrectly, as well as, no
> | doubt, many *official* packages.
> | I really have no dog in this fight. I use it globally and build all of my
> | own packages with poudriere, but either it shouldn't be there at all, or
> | it should be ok to use. Having it available as an option to porters and
> | then saying it shouldn't be used seems a bit silly.
> Well, it is not available for the porters as it is a global directive, they
> use it anyway.
> Anyway, like I said, working on it.
Maybe an edit to portlint is in order. That way they might know. As of
now, portlint does not so much as emit a warning.
I don't entirely disagree with the premise that all ports that require
OpenSSL should be built against the version in ports. As I said, I do it
and it also makes port maintenance simpler. However, as long as it is
actually an option, as it is now, then it should be availed when desired.
Further down the road (but not all that far) I foresee other, perhaps
bigger problems if using this strategy. OpenSSL 1.1.0 is in beta and
will be released within the next month or two. It is not completely
backward compatible. At some point it will become the official ports
version and/or two versions will need to be maintained in ports, 1.0.2
(LTS until 2019) and 1.1.x. This will create the problem of some/many
ports not building against 1.1.x and some ports or port options
_requiring_ 1.1.x. Assuming 1.1.x is the main OpenSSL in ports, there
will be ports that would build properly against OpenSSL in base (but
cannot be built that way if using the ports version is mandated), and do
not compile against OpenSSL 1.1.x. Most can no doubt be patched, but
waiting for upstream providers to do so may be problematic, and many
porters lack the skills.
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain
More information about the freebsd-ports