Forums.FreeBSD.org - SSL Issue?

Kimmo Paasiala kpaasial at gmail.com
Sat May 16 14:20:04 UTC 2015


On Fri, May 15, 2015 at 9:34 PM, Roger Marquis <marquis at roble.com> wrote:
> Mark Felder wrote:
>>>
>>> Another option is a second openssl port, one that overwrites base and
>>> guarantees compatibility with RELEASE.  Then we could at least have all
>>> versions of openssl in vuln.xml (not that that's been a reliable
>>> indicator of security of late).
>>>
>>
>> This will never work. You can't guarantee compatibility with RELEASE and
>> upgrade it too.
>
>
> How do you figure?  RedHat does exactly that with every backport, and
> they do it for the life of a release.
>
> Roger
>

Redhat makes no promise of binary compatibility for locally compiled
software. They can update OpenSSL as they wish from version 1.0.1 to
1.0.2, recompile all affected packages (all of Redhat "userland" is
covered by .rpm packages) and push them to the users and advise users
of locally compiled software to recompile what they have. This is
unacceptable in FreeBSD that makes a hard promise that the ABI will
remain compatible throughout the whole lifetime of the same major
version line.

-Kimmo

