Board: FB_security
Title: Re: ports requiring OpenSSL not honouring OpenSSL from ports
Origin: NCTU CS FreeBSD Server (Mon Apr 28 18:11:55 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow

Paul Hoffman <[email protected]> writes:

> On Apr 27, 2014, at 8:08 AM, Jamie Landeg-Jones <[email protected]> wrote:
>
>> Basically what I'm asking: Shouldn't a port that uses OpenSSL *always*
>> build against the port if it's installed?
>
> Yes, that is a reasonable expectation. I certainly had it in my head
> when I rebuilt Sendmail+TLS after heartbleed, but I didn't think of
> checking it.

I can see your point, but simply using a package that is installed
violates one of the basic design points of packaging systems. The built
package should not depend on the environment in ways that are not
expressed within packaging metadata.

In pkgsrc (NetBSD), pkgsrc openssl can be used. But, there is a
calculated default (per platform) of whether the builtin version is good
enough. Currently, netbsd-5's 0.9.9 is deemed too crufty (due to
features; this is not about heartbleed). There are also variables to
set to prefer/use pkgsrc openssl even if builtin is deemed adequate, for
people that want to build that way.