Re: FreeBSD-newbies is a community.
From: Ash Gokhale (ash.gokhale_at_noaa.gov)
Date: 03/22/04
- Previous message: Matthew Seaman: "Re: MUTA"
- In reply to: Sally Hines: "RE: FreeBSD-newbies is a community."
- Next in thread: Nikolas Britton: "Re: FreeBSD-newbies is a community."
- Reply: Nikolas Britton: "Re: FreeBSD-newbies is a community."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 22 Mar 2004 11:32:50 -0500 To: "Sally Hines" <shines@smaller.net>
The crypto (libcrypto) framework is a set of algorithms , code ,
headers and libraries that allow your machine to encrypt and decrypt
traffic bound for where someone might want to read, alter or forge it,
and you don't want them to. There are places where it is not legal use
or export some of this technology; find out if you live in one.
OpenSSLis a part of that framework. To think you run a secure machine,
you must convince yourself that It's secure on all levels. All the
applications on your machine look to libcrypto to provide security
services to provide. It's the engine for packages like SSH and
Apache/SSL. Above the hardware and the kernel, it's the basis for all
the crypto on the machine. Never versions of applications require
current versions of libcrypto to resist attacks based on known bugs.
Ports is easy. By building out of ports you are leveraging other
peoples work, but you might not say with high confidence that the ports
system builds libcrypto to your level of paranoia. If you can conceive
of some malicious person slipping something bad into the repository (it
has happened to other OS's), you may want to build it yourself.
Building it yourself is the other option. Before there was a ports
tree, you had to build it all by hand, in doing so you learn much about
your machine and the thousands of ways to break it. OpenSSL.org makes
the signed source code available; which you can be reasonably sure has
not been tampered. When you get good at the process you can commit
your own port to the ports tree.
> btw: I would not build _my_ crypto framework from ports. *wink
btw: Adding this btw in this manner is called a troll.
On Mar 20, 2004, at 1:17 PM, Sally Hines wrote:
> What does it mean? You would not build your crypto framework from
> ports?
> What is crypto framework?
> Why not ports?
> What options are there?
Ash Gokhale
System Administration Lead,
NOAA/MDL
_______________________________________________
freebsd-newbies@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-newbies
To unsubscribe, send any mail to "freebsd-newbies-unsubscribe@freebsd.org"
- Previous message: Matthew Seaman: "Re: MUTA"
- In reply to: Sally Hines: "RE: FreeBSD-newbies is a community."
- Next in thread: Nikolas Britton: "Re: FreeBSD-newbies is a community."
- Reply: Nikolas Britton: "Re: FreeBSD-newbies is a community."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
