Created attachment 220486 [details]
FreeBSD binary packages are supposed to be useful for the widest range of users. As many ports are BROKEN with OpenSSL < 1.1 and FreeBSD-SA-20:33.openssl the stacks are against packages using base OpenSSL. Packages never promised stable ABI unlike base system. So, let's switch the default.
Need an exp-run for a better picture: how much volunteer's time we'd actually save by sacrificing a base component that turned rotten before EOL.
I can already tell you how it will go.
- Everything will build
- Except for ports that also use GSSAPI, which now can't use GSSAPI from base and have to be built with a ports version of GSSAPI. Now, for those ports, they don't work any more as the innards of the different GSSAPI are not compatible.
- Things will run
- Except stuff that links with stuff in base, like pkg, and with libpkg comes net-snmp, then php-snmp, and then, boom, it explodes mid flight because you built php with ssl from ports, but php-snmp brings in openssl from the base system.
We could devote exp-run resources to this, but, well, the switch from ssl=base to ssl=openssl will never happen in the official package repository, so, why bother...