tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Call for testers: OpenSSL 1.0.1c

On Mon, Jan 21, 2013 at 9:31 AM, Thomas Klausner <> 
> On Mon, Jan 21, 2013 at 10:24:49AM -0500, Greg Troxel wrote:
>> "Jonathan Perkin" <> writes:
>> > One change from the current package which may possibly bite people is
>> > the removal of MD2 to follow the default OpenSSL configuration.  I
>> > note that NetBSD's 1.0.1c retains MD2 support, and I'd be interested
>> > in feedback as to whether I should do the same in pkgsrc.
>> Without thinking much, it seems that pkgsrc should follow base, but
>> perhaps base should change.
>> What's the rationale for dropping md2?  It seems like the code could not
>> be big, and the question is whether the memory usage hurts more than the
>> benefit of any use.  Is the use of md2 really zero (rather than rare)
>> these days?  It seems like it should be, but things live on longer than
>> they should.
> On the other hand, we usually follow upstream featurewise. I think the
> argument _for adding patches to readd md2 support_ should be made, if
> any.

Not adding patches, simply --enable-md2 passed to configure.  As a
data point the FreeBSD package for 1.0.1c has the option to include
MD2, and has the option enabled by default.  They changed the option
from default off to default on only 12 months ago, so it does not
appear it was left on since 1.0 just because no one thought about it.

 - Tim

Home | Main Index | Thread Index | Old Index