On Mon, Jul 11, 2016 at 07:48:44PM +0300, Andrey Chernov wrote:
> On 11.07.2016 19:29, Slawa Olhovchenkov wrote:
> > On Mon, Jul 11, 2016 at 11:04:33AM -0500, Mark Felder wrote:
> >
> >>
> >>
> >> On Mon, Jul 11, 2016, at 05:29, Slawa Olhovchenkov wrote:
> >>>
> >>> I.e. GOST will be available in openssl.
> >>> Under BSD-like license.
> >>> Can be this engine import in base system and enabled at time
1.1.0?
> >>> And can be GOST enabled now?
> >>>
> >>
> >> I think the wrong question is being asked here. Instead we need to
focus
> >> on decoupling openssl from base so this can all be handled by
ports.
> >
> > This is wrong direction with current policy.
> > ports: unsupported by FreeBSD core and securite team, no guaranted to
comaptible
> > between options and applications.
> >
> > base: supported by FreeBSD core and securite team, covered by CI,
> > checked for forward and backward API and ABI compatibility.
> >
>
> Ports are supported by secteam, and recently I notice "headsup"
mail
> with intention to make base openssl private and switch all ports to
> security/openssl port.
I mean `support` is commit reviewing, auditing and etc.
Secteam do it for ports?
> Adding of GOST as 3rd party plugin is technically possible in both
> (base, ports) cases, the rest of decision is up to FreeBSD openssl
> maintainers and possible contributors efforts.
>
> I need to specially point to "patches" section of the 3rd party
GOST
> plugin, from just viewing I don't understand, are those additional
> openssl patches should be applied to openssl for GOST, or they are just
> reflect existent changes in the openssl.
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"