Committer needed for PR 208029

Jim Ohlstein jim at
Wed Apr 6 17:11:24 UTC 2016


On 4/6/16 12:39 PM, Mathieu Arnold wrote:
> +--On 6 avril 2016 12:00:47 -0400 Jim Ohlstein <jim at> wrote:
> | Hello,
> |
> |> On Apr 6, 2016, at 11:37 AM, Mathieu Arnold <mat at> wrote:
> |>
> |> +--On 6 avril 2016 10:06:41 -0400 Jim Ohlstein <jim at> wrote:
> |> | Hello,
> |> |
> |> | On 4/6/16 12:44 AM, Kurt Jaeger wrote:
> |> |> Hi!
> |> |>
> |> |>> Actually, I just noticed (when compiling the port), that the Makefile
> |> |>> now says:
> |> |>>
> |> |>> WITH_OPENSSL_PORT=yes
> |> |>
> |> |> Yes, sorry, my fault. Fixed, and as suggested by mat: It is
> |> |> now as IGNORE with a message explaining how to do it for 9.x.
> |> |>
> |> |
> |> | This is much ado about nothing. The "WITH_OPENSSL_PORT" option is there
> |> | for just this purpose and is used in many ports.
> |>
> |> No, the WITH_OPENSSL_PORT knob is a global one, and must not be used in
> |> ports makefiles.  The fact is, there are ports using it, true, it does
> |> not mean it is the right thing to do.
> |>
> |
> | Then there are many ports being committed incorrectly, as well as, no
> | doubt, many *official* packages.
> |
> | I really have no dog in this fight. I use it globally and build all of my
> | own packages with poudriere, but either it shouldn't be there at all, or
> | it should be ok to use. Having it available as an option to porters and
> | then saying it shouldn't be used seems a bit silly.
> Well, it is not available for the porters as it is a global directive, they
> use it anyway.
> Anyway, like I said, working on it.

Maybe an edit to portlint is in order. That way they might know. As of 
now, portlint does not so much as emit a warning.

I don't entirely disagree with the premise that all ports that require 
OpenSSL should be built against the version in ports. As I said, I do it 
and it also makes port maintenance simpler. However, as long as it is 
actually an option, as it is now, then it should be availed when desired.

Further down the road (but not all that far) I foresee other, perhaps 
bigger problems if using this strategy. OpenSSL 1.1.0 is in beta and 
will be released within the next month or two. It is not completely 
backward compatible. At some point it will become the official ports 
version and/or two versions will need to be maintained in ports, 1.0.2 
(LTS until 2019) and 1.1.x. This will create the problem of some/many 
ports not building against 1.1.x and some ports or port options 
_requiring_ 1.1.x. Assuming 1.1.x is the main OpenSSL in ports, there 
will be ports that would build properly against OpenSSL in base (but 
cannot be built that way if using the ports version is mandated), and do 
not compile against OpenSSL 1.1.x. Most can no doubt be patched, but 
waiting for upstream providers to do so may be problematic, and many 
porters lack the skills.

Jim Ohlstein

"Never argue with a fool, onlookers may not be able to tell the 
difference." - Mark Twain

More information about the freebsd-ports mailing list