|Summary:||Mk/bsd.default-versions.mk: define SSL_DEFAULT=openssl on FreeBSD 11.*|
|Product:||Ports & Packages||Reporter:||Jan Beich <jbeich>|
|Component:||Individual Port(s)||Assignee:||Port Management Team <portmgr>|
|Severity:||Affects Only Me||CC:||kde|
Description Jan Beich 2020-12-12 14:06:02 UTC
Created attachment 220486 [details] v1 FreeBSD binary packages are supposed to be useful for the widest range of users. As many ports are BROKEN with OpenSSL < 1.1 and FreeBSD-SA-20:33.openssl the stacks are against packages using base OpenSSL. Packages never promised stable ABI unlike base system. So, let's switch the default.
Comment 1 Jan Beich 2020-12-12 14:12:01 UTC
Need an exp-run for a better picture: how much volunteer's time we'd actually save by sacrificing a base component that turned rotten before EOL.
Comment 2 Mathieu Arnold 2020-12-12 15:32:28 UTC
I can already tell you how it will go. - Everything will build - Except for ports that also use GSSAPI, which now can't use GSSAPI from base and have to be built with a ports version of GSSAPI. Now, for those ports, they don't work any more as the innards of the different GSSAPI are not compatible. - Things will run - Except stuff that links with stuff in base, like pkg, and with libpkg comes net-snmp, then php-snmp, and then, boom, it explodes mid flight because you built php with ssl from ports, but php-snmp brings in openssl from the base system. We could devote exp-run resources to this, but, well, the switch from ssl=base to ssl=openssl will never happen in the official package repository, so, why bother...