[MacPorts] #51516: MacPorts should use a bundled copy of a newer libcurl and SSL library rather than the OS X version

MacPorts noreply at macports.org
Fri Dec 3 05:03:27 UTC 2021


#51516: MacPorts should use a bundled copy of a newer libcurl and SSL library
rather than the OS X version
--------------------------+--------------------------------
  Reporter:  ryandesign   |      Owner:  macports-tickets@…
      Type:  enhancement  |     Status:  new
  Priority:  Normal       |  Milestone:  MacPorts Future
 Component:  base         |    Version:
Resolution:               |   Keywords:
      Port:               |
--------------------------+--------------------------------

Comment (by danielluke):

 Replying to [comment:72 devernay]:
 > I would even consider it a security issue at this point, since "All
 older versions [of openssl] (including 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are
 now out of support and should not be used." - from
 https://www.openssl.org/source/
 >
 > Any software that currently ships (including MacPorts) should not use
 any of these versions, and thus not use the system's curl on older
 systems.

 The security issue is trying to run an old, unsupported macOS version that
 is no longer receiving patches from Apple. If you insist on doing that,
 you can work-around it. I don't think MacPorts should be in the business
 of providing OS patches after Apple stops, and I don't think it should be
 in the business of encouraging people to run obsolete OS versions.

-- 
Ticket URL: <https://trac.macports.org/ticket/51516#comment:73>
MacPorts <https://www.macports.org/>
Ports system for macOS


More information about the macports-tickets mailing list