openssl from ports
rsimmons0 at gmail.com
Sat Mar 3 21:33:43 UTC 2012
On Sat, Mar 3, 2012 at 8:31 AM, Jerry <jerry at seibercom.net> wrote:
> On Sat, 03 Mar 2012 12:49:18 +0000
> Matthew Seaman articulated:
>> Unfortunately I can't answer that. I'm not in any position to decide
>> such things.
>> However I can hazard a guess at some of the possible reasons:
>> * openssl API changes between 0.9.x and 1.0.0 mean updating the
>> shlibs is not a trivial operation, and it was judged that the
>> benefits obtained from updating did not justify the effort.
>> * no one had any time to import the new version. There's plenty of
>> security-critical stuff depending on openssl, and making sure all
>> of that didn't suffer from any regressions is not a trivial job.
>> * simply that no one thought of doing the upgrade.
> Thanks Matthew. Personally, I have my own take on the matter. Regarding
> your first two possibility, I believe the problem can be directly
> traced to "procrastination". At some point in time, there will come the
> need to update the base system's OPENSSL version. Procrastination only
> doubles the work you have to do tomorrow. It reminds me of what a
> college professor once told me, "There is never enough time to do it
> right, but there is always enough time to do it over." Sad but true.
> As to your third possibility, the need to update the port has been
> mentioned several times on this forum over the past year. I find it
> extremely improbable that no one considered the possibility that the
> existing application might not be up-to-date. Yet, as has been stated
> numerous times, if you always expect the worst in people you will
> never be disappointed.
I'm replying off-list. No need to reply this back onto the list.
Please don't accuse a volunteer project of procrastination. If there
is not enough manpower to make a change to the operating system, then
roll up your sleeves and contribute. Throwing non-constructive
insults at the project when you yourself are not contributing to the
effort that you're complaining about achieves nothing. I've seen this
type of attitude many times over the years in free software projects
from users, and it shouldn't continue.
Also, please don't feel insulted. We both like FreeBSD. Just make
your contributions constructive.
More information about the freebsd-questions