tech-pkg archive


Re: Prefer pkgsrc OpenSSL after 2016Q1.




On 09.03.2016 09:36, Manuel Bouyer wrote:
> On Wed, Mar 09, 2016 at 08:30:38AM +0000, coypu%SDF.ORG@localhost wrote:
>> The end game here is a scenario where OpenSSL and others do not
>> have a special status, and can be updated in standard ways.
> 
> and then you have /usr/bin/openssl and /usr/pkg/bin/openssl and you
> never know which one you use. I still don't understand what problem
> you're trying to solve,

This idea originated from the fact that we don't actively release
advisories for stable releases.

From what I understand the current approach is rather tracking
-current or stable branch. If it is so, it could be made clear for
users and announced on the website that this and that branch has been
updated with a security update for that and this.

Me and a few other users were worried about it, trying to work around
the issue with pkgsrc. I have already met users using openssh, openssl, bind
and others only from pkgsrc, because they were worried about security.

For people not tracking commits these security updates in branches
aren't visible.

I hope this is making the issue clear, while the solution proposed in
this topic may not be correct.

