openssl from ports
c.kworr at gmail.com
Sat Mar 3 13:01:40 UTC 2012
Matthew Seaman wrote:
>>> Stable/9, but this hasn't changed in 9.0-RELEASE:
>>> worm:~:# /usr/bin/openssl version
>>> OpenSSL 0.9.8q 2 Dec 2010
>> Matthew, why does FreeBSD continue to use an older version of OPENSSL
>> for the base system when a newer version is available? While I could
>> understand, even if not fully approve the use of an older version in
>> the same major version, its continues use as the de facto standard in an
>> entirely new major version release is counter productive. There have
>> been many improvements in the 1.x release of OPENSSL so I fail to see
>> the logical use of the older version. If anything, they (the FreeBSD
>> developers) could keep this older version available in the ports system
>> and use the newer version as the default in the base system.
> Unfortunately I can't answer that. I'm not in any position to decide
> such things.
> However I can hazard a guess at some of the possible reasons:
> * openssl API changes between 0.9.x and 1.0.0 mean updating the
> shlibs is not a trivial operation, and it was judged that the
> benefits obtained from updating did not justify the effort.
> * no one had any time to import the new version. There's plenty of
> security-critical stuff depending on openssl, and making sure all
> of that didn't suffer from any regressions is not a trivial job.
> * simply that no one thought of doing the upgrade.
Actually there is something weird about openssl maintenance:
I asked in the lists, bugged different persons and still can't get clear
answer about this vulnerability.
You know I'm just not feeling safe with ECDSA keys...
Sphinx of black quartz judge my vow.
More information about the freebsd-questions