openssl from ports
Volodymyr Kostyrko
c.kworr at gmail.com
Sat Mar 3 13:01:40 UTC 2012
Matthew Seaman wrote:
>>> Stable/9, but this hasn't changed in 9.0-RELEASE:
>>>
>>> worm:~:# /usr/bin/openssl version
>>> OpenSSL 0.9.8q 2 Dec 2010
>>
>> Matthew, why does FreeBSD continue to use an older version of OPENSSL
>> for the base system when a newer version is available? While I could
>> understand, even if not fully approve the use of an older version in
>> the same major version, its continued use as the de facto standard in an
>> entirely new major version release is counterproductive. There have
>> been many improvements in the 1.x release of OPENSSL so I fail to see
>> the logical use of the older version. If anything, they (the FreeBSD
>> developers) could keep this older version available in the ports system
>> and use the newer version as the default in the base system.
>
> Unfortunately I can't answer that. I'm not in any position to decide
> such things.
>
> However I can hazard a guess at some of the possible reasons:
>
> * openssl API changes between 0.9.x and 1.0.0 mean updating the
> shlibs is not a trivial operation, and it was judged that the
> benefits obtained from updating did not justify the effort.
>
> * no one had any time to import the new version. There's plenty of
> security-critical stuff depending on openssl, and making sure all
> of that didn't suffer from any regressions is not a trivial job.
>
> * simply that no one thought of doing the upgrade.
Actually there is something weird about openssl maintenance:
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/163951
I asked in the lists, bugged different persons and still can't get a clear
answer about this vulnerability.
You know I'm just not feeling safe with ECDSA keys...
--
Sphinx of black quartz judge my vow.
More information about the freebsd-questions mailing list