On 11.07.2016 23:13, Slawa Olhovchenkov wrote:
> On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote:
>> On 11.07.2016 19:29, Slawa Olhovchenkov wrote:
>>> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
>>>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote:
>>>>> I.e. GOST will be available in openssl.
>>>>> Under BSD-like license.
>>>>> Can be this engine import in base system and enabled at time 1.1.0?
>>>>> And can be GOST enabled now?
>>>> I think the wrong question is being asked here. Instead we need to focus
>>>> on decoupling openssl from base so this can all be handled by ports.
>>> This is wrong direction with current policy.
>>> ports: unsupported by FreeBSD core and securite team, no guaranted to
>>> between options and applications.
>>> base: supported by FreeBSD core and securite team, covered by CI,
>>> checked for forward and backward API and ABI compatibility.
>> Ports are supported by secteam, and recently I notice "headsup" mail
>> with intention to make base openssl private and switch all ports to
>> security/openssl port.
> I mean `support` is commit reviewing, auditing and etc.
> Secteam do it for ports?
At least CVEs are tracked. You better ask about whole list of ports
secteam duties secteam themselves.
>> Adding of GOST as 3rd party plugin is technically possible in both
>> (base, ports) cases, the rest of decision is up to FreeBSD openssl
>> maintainers and possible contributors efforts.
>> I need to specially point to "patches" section of the 3rd party GOST
>> plugin, from just viewing I don't understand, are those additional
>> openssl patches should be applied to openssl for GOST, or they are just
>> reflect existent changes in the openssl.
>> freebsd-secur...@freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
email@example.com mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"