Extension Development :: Security Updates



Quote (curaga @ June 30 2008,17:09)
Uh.. Sorry to interrupt you guys with a theoretical question, but wouldn't this break every single extension that uses openssl? Some are very picky of it..
From my experience I've changed ssl libs without having compatibility problems in the applications (incl. windows dlls).  Maybe it keeps the same API?  After all, the naming could be something like lib*.so.0 ... but this is really just my guesswork.

You're not interrupting. At least someone here has a constructive question and/or constructive criticism. Thanks for asking and elevating the discussion.

It won't affect "every single" extension, but you're right that some of them may have problems. That was one of the other reasons for holding back and seeing what's going on with core and if the two will share extensions, etc.

That said, I've used quite a few extensions built with newer OpenSSL versions. IIRC, the svn UCI in testing has its own OpenSSL. That one comes to mind but I think I've seen it in a few others. I'm grep'ing mydslinfo now and see Juanito also added it to compile-3.3.5.uci.

I've also had zero problems with the other extensions I've used. Since I compiled most of the crypto- and security-related software (e.g., gpg, etc.) I use against the newer libs, I would also submit those. I prefixed most of the apps (e.g., gpg, Sylpheed with gpg, etc.) in /opt so I could submit as UCIs.

Quote
After all, the naming could be something like lib*.so.0 ... but this is really just my guesswork.

As I just added at the end, I've had no problems with existing extensions. The only error messages I've had are from XMMS, Sylpheed (missing icons or something), etc., already known in DSL and completely unrelated to OpenSSL library issues.

Quote
I'm not "whining"...

You are. Stop it.
Quote
I just don't understand why someone brings up a topic about an extension and then just pospones it to an undefined future...

It's a very well-defined future: WHEN I HAVE A BETTER IDEA WHAT WE'RE DOING WITH CORE SO I DON'T HAVE TO MAKE MULTIPLE VERSIONS OF THINGS IF I DON'T HAVE TO. What's so difficult to understand about that? Geez.
Quote
Maybe I got the whole thing wrong...

You did. As usual.
Quote
...I thought that you almost were done making this extension.

I am. I have several versions of it that I've used on hard drive, frugal, and USB installs as well as in a remaster. It works. I told you when I'll submit. Why are you so burdened by that?
Quote
To help others is the main reason for why i post anything in this forum...

How is your harping and whining about the status of any submission (not the first time you've pulled this crap) helpful? How are you being helpful by complaining about "a lot of talk" in a thread with an initial post that mentions "if there's interest" (and where very little has been shown)? Are you genuinely interested or just badgering about this? And are you so arrogant that you think you're the ONLY person here trying to help others? Why the hell do you think anyone else comes here? Geez (again).

Hi again!

Well, maybe my input wasn't to the liking of the topic starter but at least it restarted the discussion (at least something).

Have fun with DSL as you want it,
meo

EDIT: Yes, your last post really shows that you want to help people.

Next Page...
original here.