FreeBSD-newbies is a community.

[Ash Gokhale]

	The crypto (libcrypto) framework is a set of algorithms , code , 
headers and libraries that allow your machine to encrypt and decrypt 
traffic bound for where someone might want to read, alter or forge it, 
and you don't want them to. There are places where it is not legal use 
or export some of this technology; find out if you live in one.
	
	OpenSSLis a part of that framework. To think you run a secure machine, 
you must convince yourself that It's secure on all levels. All the 
applications on your machine look to libcrypto to provide security 
services to provide. It's the engine for packages like SSH and 
Apache/SSL. Above the hardware and the kernel, it's the basis for all 
the crypto on the machine. Never versions of applications require 
current versions of libcrypto to resist attacks based on known bugs.

	Ports is easy. By building out of ports you are leveraging other 
peoples work, but you might not say with high confidence that the ports 
system builds libcrypto to your level of paranoia. If you can conceive 
of some malicious person slipping something bad into the repository (it 
has happened to other OS's), you may want to build it yourself.

	Building it yourself is the other option. Before there was a ports 
tree, you had to build it all by hand, in doing so you learn much about 
your machine and the thousands of ways to break it. OpenSSL.org makes 
the signed source code available; which you can be reasonably sure has 
not been tampered.  When you get good at the process you can commit 
your own port to the ports tree.

> btw: I would not build _my_ crypto framework from ports. *wink
btw: Adding this btw in this manner is called a troll.

On Mar 20, 2004, at 1:17 PM, Sally Hines wrote:

> What does it mean? You would not build your crypto framework from 
> ports?
> What is crypto framework?
> Why not ports?
> What options are there?
Ash Gokhale
System Administration Lead,
NOAA/MDL