Re: Prefer pkgsrc OpenSSL after 2016Q1.

To: Manuel Bouyer <bouyer%antioche.eu.org@localhost>, coypu%SDF.ORG@localhost
Subject: Re: Prefer pkgsrc OpenSSL after 2016Q1.
From: Kamil Rytarowski <n54%gmx.com@localhost>
Date: Wed, 9 Mar 2016 22:58:51 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 09.03.2016 09:36, Manuel Bouyer wrote:
> On Wed, Mar 09, 2016 at 08:30:38AM +0000, coypu%SDF.ORG@localhost wrote:
>> The end game here is a scenario where OpenSSL and others do not
>> have a special status, and can be updated in standard ways.
> 
> and then you have /usr/bin/openssl and /usr/pkg/bin/openssl and you
> never know which one you use. I still don't understand what problem
> you're trying to solve,

This idea originated from the fact that we don't actively release
advisories for stable releases.

- From what I understand the current approach is rather tracking
- -current or stable branch. If it is so, it could be made clear for
users and announce on the website that this and that branch has been
updated with a security update for that and this.

Me and few other users were worried about it, trying to walk-around
the issue with pkgsrc. I met already users using openssh, openssl bind
and others only from pkgsrc, because they were worried about security.

For people not tracking commits these security updates in branches
aren't visible.

I hope this is making the issue clear, while the solution proposed in
this topic may not be correct.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW4JyaAAoJEEuzCOmwLnZs4RsQALocCyipK6CyPJ4KLx9kG3Z/
0eVmbnrayDJkB3axIb7cEJjZSXyim+gEm8r/d2v4VROEB+WIW74qHGaKad93yEr7
IWhykc1ahuAq3JDhrgrSPFd4u410vwVjHXkN4ZAKiyq/3BKtV6K5C/t8ojafq32P
omZVnsGVQ7gbx7G2e3QZMm7OJ8oNHedRzetZXTZKr7Vcj/V0Du2U5BYLbB076gvN
GydFaD46OicMB3tUD8Q0AkAvJuU39fkPe4OM5gCarzdenzoCLk9+i2oHg2i9m1a3
5VRuk5ebj/R33WJGBR+IxBy6ZWxeWevjp1Js99hGM81PV/b6cSzkhgN9iHVFLOP6
zCaOO6V2cTowYAAIS14cOFEiW45FiAkCfTBxN78qs6jysESaIb+1rVxdVXiLpkms
Iq28BLrwZxa/dapp/fslYSQH9izzPrBjqiWKkBjkCXwRG8bwcXCnSPwo3gv72OQo
2lQK88IIFJ8j87/i6fwEtgSOTqdTqsouT6zsWHBB8fjeKWw1VqN2skbqwCmikvFj
kU/bYMzm+Blv0LtqXhVai3NP2cd+mc+wsMVVD0Sms0p8PPFVoYxu0jNoYXnH+H/2
iv2+QlAvrkxUIDb8zI2Ixy7CPtjaP0O/lzakaJd6XMu+6DQ9IU7TxOFp4EE7+3IY
Wk5jmv3+vfpNxJPnyyUW
=f0IA
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Prefer pkgsrc OpenSSL after 2016Q1.
  - From: J. Lewis Muir

References:
- Prefer pkgsrc OpenSSL after 2016Q1.
  - From: coypu
- Re: Prefer pkgsrc OpenSSL after 2016Q1.
  - From: Greg Troxel
- Re: Prefer pkgsrc OpenSSL after 2016Q1.
  - From: Manuel Bouyer
- Re: Prefer pkgsrc OpenSSL after 2016Q1.
  - From: coypu
- Re: Prefer pkgsrc OpenSSL after 2016Q1.
  - From: Manuel Bouyer

Prev by Date: Re: Prefer pkgsrc OpenSSL after 2016Q1.
Next by Date: Re: Prefer pkgsrc OpenSSL after 2016Q1.
Previous by Thread: Re: Prefer pkgsrc OpenSSL after 2016Q1.
Next by Thread: Re: Prefer pkgsrc OpenSSL after 2016Q1.
Indexes:

Home | Main Index | Thread Index | Old Index