On 14/12/2015 07:18, Matthias Apitz wrote:
> I don't know why pkg 1.6.2 was produced with this recent libssl.so.8; it
> should have been done more conservative, IMHO

pkg(8) for HEAD just gets built against whatever is in recent HEAD.
Even though it can lead to problems like this when a shlib ABI version
gets bumped, I can't really see how else you'ld manage package building
for the bleeding edge version of the OS.

You will have similar problems for any port that links against libssl.so
from the base system.  You might be able to install openssl from ports
and make a sym-link to the libssl.so.8 that comes with that.

I believe bapt wants to make the base system libraries private to the
base system as far as possible and default to using versions from the
ports in cases like this, but it hasn't happened yet.  pkg(8) will
always be a special case though -- there's a bit of a chicken and egg
problem that means pkg(8) cannot itself have any external dependencies,
so pkg(8) may well end up importing some crypto code into its sources.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to