Re: heimdal: remove openssl dependency

To: yancm%sdf.org@localhost
Subject: Re: heimdal: remove openssl dependency
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Wed, 09 Oct 2019 11:14:36 -0400

yancm%sdf.org@localhost writes:

>> heimdal does not build against the openssl 1.1 API.
>>
>> It includes its own crypto (stripped down openssl code IIUC) called
>> hcrypto.
>>
>> The attached patch switches heimdal to use that instead of an openssl
>> package (which might be 1.1 e.g. on NetBSD-current).
>>
>> Comments?
>>  Thomas
>
> Stating the obvious?
>
> Short term this may not be a problem, and is pragmatic.
>
> But longer term, as openssl development focuses on 1.1+, having packages
> roll (excerpt) their own crypto seems a step backward that could drive
> multiple package updates to pull up changes just in the crypto library...
> and be at mercy of each package to pull up bug fixes that have been
> released for months in the base openssl, leaving packages potentially
> vulnerable.

Sure, but the question on the able is

  what should pkgsrc do now

as opposed to

  what should heimdal (upstream) do


The second question's answer is pretty obviously "add support for
openssl 1.1, and make a release".

Follow-Ups:
- Re: heimdal: remove openssl dependency
  - From: maya

References:
- heimdal: remove openssl dependency
  - From: Thomas Klausner
- Re: heimdal: remove openssl dependency
  - From: yancm

Prev by Date: Re: heimdal: remove openssl dependency
Next by Date: Re: heimdal: remove openssl dependency
Previous by Thread: Re: heimdal: remove openssl dependency
Next by Thread: Re: heimdal: remove openssl dependency
Indexes:

Home | Main Index | Thread Index | Old Index