Status of OpenSSL 1.1 support
Nico Kadel-Garcia
nkadel at gmail.com
Sun Oct 15 15:15:51 AEDT 2017
On Sat, Oct 14, 2017 at 5:23 AM, Peter Stuge <peter at stuge.se> wrote:
> Damien Miller wrote:
>> I'm considering adding some build sugar to simplify the process of
>> building (and possibly fetching) LibreSSL as port of the OpenSSH
>> build process.
>
> Please don't add any fetching, even opt-in, at the very least. It's
> often a mistake, and a decision that is difficult to revert once it
> becomes taken for granted.
>
>
> Thanks
>
> //Peter
*If* it became needful: Subversion did a pretty good job with this.
They provide a "pre-build" script that checks if recent enough
versions of libraries are installed, and fetches them if not found. It
was a useful tool for backporting the software to older operating
systems without contemporary libraries, but it also meant statically
compiling those components. It could be a *lot* of work picking and
choosing. That sort of stunt would seem more appropriate to the
"portable" releases of OpenSSH, not the primary release.
And yes, pulling in libraries for internal compilation is error prone,
especially without a *very* well defined build environment.
More information about the openssh-unix-dev
mailing list