www/firefox really depends on security/openssl?
Yuri
yuri at rawbw.com
Wed May 13 21:09:58 UTC 2015
On 05/13/2015 04:11, Carmel NY wrote:
> The most reliable method to eliminate this, for lack of a better word
> "bullshit", would be for FreeBSD to keep the "base" system "openssl"
> version" up-to-date. It is apparent to even the most casual observer that
> the present method of allowing to different versions of such an important
> application on the same system without a fail proof method of choosing which
> version to use as you have demonstrated is truly counter productive to a
> "stable" environment.
Even keeping the base up-to-date won't necesarily work, since mixing of
two copies of the same shared lib from different locations may, and
probably will cause faulty behavior due to static variables, among other
reasons. Base OpenSSL should be used for one thigs, and port - for
others. Isolation is important.
I raised this conversation on Apr 1 here, but apparently this important
issue is still not resolved. I can't do this myself, because the patch
will be likely touching ~100 places, and people who commit it will have
to go through all the details, and essentially redo all the thinking. I
can't even get simple and obvious stage-qa checks to be checked in.
Likely because they aren't exciting enough. People are attracted to
exciting stuff.
Yuri
More information about the freebsd-ports
mailing list