pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: heimdal: remove openssl dependency writes:

>> heimdal does not build against the openssl 1.1 API.
>> It includes its own crypto (stripped down openssl code IIUC) called
>> hcrypto.
>> The attached patch switches heimdal to use that instead of an openssl
>> package (which might be 1.1 e.g. on NetBSD-current).
>> Comments?
>>  Thomas
> Stating the obvious?
> Short term this may not be a problem, and is pragmatic.
> But longer term, as openssl development focuses on 1.1+, having packages
> roll (excerpt) their own crypto seems a step backward that could drive
> multiple package updates to pull up changes just in the crypto library...
> and be at mercy of each package to pull up bug fixes that have been
> released for months in the base openssl, leaving packages potentially
> vulnerable.

Sure, but the question on the able is

  what should pkgsrc do now

as opposed to

  what should heimdal (upstream) do

The second question's answer is pretty obviously "add support for
openssl 1.1, and make a release".

Home | Main Index | Thread Index | Old Index