openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pedro Giffuni <...@apache.org>
Subject Re: [QUESTION] Dependency on OpenSSL
Date Thu, 09 Jun 2016 15:43:07 GMT
Hi Dennis;

> I recall discussions of OpenSSL and updating our dependency on it to a better/patched
version.
>
> What I don't know is whether the binaries that are built and distributed directly by
the project
> incorporate OpenSSL in any manner?
>
> Can anyone clear that up?
>
>   1. Do our built binaries depend on and distribute OpenSSL in some manner?
>
>   2. Is this for all platforms or only some of them?
>

While your questions are interesting, and we really must keep OpenSSL 
updated, it would seems like you want to limit the impact of what could 
be considered a liability. I think in our modern world the opposite 
approach is necessary: we should be looking at considering encryption 
more as an opportunity than a threat.

It looks like we have been avoiding including openssl where we should 
have: the general build *should* depend on OpenSSL for APR, curl, and 
python. I have never really worried about it because my primary platform 
(FreeBSD .. yeah!) uses the pre-packaged dependencies by default and 
those depend on OpenSSL.

So, my answers to your questions are:

1) I hope so, and if we are not, we have to fix that.

2) We absolutely must keep all platforms consistent.


Pedro.


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message