On 11.07.2016 19:29, Slawa Olhovchenkov wrote:> On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
>
>>
>>
>> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote:
>>>
>>> I.e. GOST will be available in openssl.
>>> Under BSD-like license.
>>> Can be this engine import in base system and enabled at time 1.1.0?
>>> And can be GOST enabled now?
>>>
>>
>> I think the wrong question is being asked here. Instead we need to
focus
>> on decoupling openssl from base so this can all be handled by ports.
>
> This is wrong direction with current policy.
> ports: unsupported by FreeBSD core and securite team, no guaranted to
comaptible
> between options and applications.
>
> base: supported by FreeBSD core and securite team, covered by CI,
> checked for forward and backward API and ABI compatibility.
>
Ports are supported by secteam, and recently I notice "headsup" mail
with intention to make base openssl private and switch all ports to
security/openssl port.
Adding of GOST as 3rd party plugin is technically possible in both
(base, ports) cases, the rest of decision is up to FreeBSD openssl
maintainers and possible contributors efforts.
I need to specially point to "patches" section of the 3rd party GOST
plugin, from just viewing I don't understand, are those additional
openssl patches should be applied to openssl for GOST, or they are just
reflect existent changes in the openssl.